Best Practice for Deleted AD Users
In our environment, we are not using AD groups. Users are being added individually. We are running User Profile Service but I am aware that when a user is deleted in AD, they stay in the content database in the UserInfo table so that some metadata can be
retained (created by/modified by/etc).
What are best practices for whether or not to get rid of them from the content database(s)?
What do some of you consultants/admins out there do about this? It was brought up as a concern to me that they are still being seen in some list permissions/people picker, etc.
Thank you!
Personally I would keep them to maintain metadata consistency (Created By etc as you say). I've not had it raised as a concern anywhere I've worked.
However, there are heaps of resources online to delete such users (even in bulk via Powershell). As such, I am unaware of cases of deleting them causing major problems.
w: http://www.the-north.com/sharepoint | t: @JMcAllisterCH | YouTube: http://www.youtube.com/user/JamieMcAllisterMVP
Similar Messages
-
Is there a best practice for deleting a published report?
Post Author: matthewh
CA Forum: General
Is there a best practice for deleting a published report from C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\FileStore on Crystal Reports Server or can I just delete the subfolders? Does it reference them elsewhere? I have a load of old reports I need to shed, but can't see how to do it.Hi,
You can refer the SRND guide. As per document (page -292)
you can configured -You can add a maximum of 50 agents per team.
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/ippcenterprise9_0_1/design/guide/UCCE_BK_S06086EC_00_srnd-9-0-1.pdf
Also you can check the Bill of Material document of UCCE , under the section "Operating Conditions, Unified ICM, Unified CC" What are the number should configure in UCCE. -
Best practices for setting up users on a small office network?
Hello,
I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
Thank you,Hi,
Thanks for your posting.
When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
For more and detail information, please refer to:
Best Practices for Adding Domain Controllers in Remote Sites
http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
Regards.
Vivian Wang -
Best practice for deleting multiple rows from a table , using creator
Hi
Thank you for reading my post.
what is best practive for deleting multiple rows from a table using rowSet ?
for example how i can execute something like
delete from table1 where field1= ? and field2 =?
Thank youHi,
Please go through the AppModel application which is available at: http://developers.sun.com/prodtech/javatools/jscreator/reference/codesamples/sampleapps.html
The OnePage Table Based example shows exactly how to use deleting multiple rows from a datatable...
Hope this helps.
Thanks,
RK. -
Best practice for Active Directory User Templates regarding Distribution Lists
Hello All
I am looking to implement Active Directory User templates for each department in the company to make the process of creating user accounts for new employees easier. Currently when a user is created a current user's Active directory account is copied, but
this has led to problems with new employees being added to groups which they should not be a part of.
I have attempted to implement this in the past but ran into an issue regarding Distribution Lists. I would like to set up template users with all group memberships that are needed for the department, including distribution lists. Previously I set this up
but received complaints from users who would send e-mail to distribution lists the template accounts were members of.
When sending an e-mail to the distribution list with a member template user, users received an error because the template account does not have an e-mail address.
What is the best practice regarding template user accounts as it pertains to distribution lists? It seems like I will have to create a mailbox for each template user but I can't help but feel there is a better way to avoid this problem. If a mailbox is created
for each template user, it will prevent the error messages users were receiving, but messages will simply build up in these mailboxes. I could set a rule for each one that deletes messages, but again I feel like there is a better way which I haven't thought
of.
Has anyone come up with a better method of doing this?
Thank youYou can just add arbitrary email (not a mailbox) to all your templates and it should solve the problem with errors when sending emails to distribution lists.
If you want to further simplify your user creation process you can have a look at Adaxes (consider it's a third-party app). If you want to use templates, it gives you a slightly better way to do that (http://www.adaxes.com/tutorials_WebInterfaceCustomization_AllowUsingTemplatesForUserCreation.htm)
and it also can automatically perform tasks such as mailbox creation for newly created users (http://www.adaxes.com/tutorials_AutomatingDailyTasks_AutomateExchangeMailboxesCreationForNewUsers.htm).
Alternatively you can abandon templates at all and use customizable condition-based rules to automatically perform all the needed tasks on user creation such as OU allocation, group membership assignment, mailbox creation, home folder creation, etc. based on
the factors you predefine for them. -
Best practice for deletion of SAP standard configuration
Does anyone have any documentation related to deletion of standard SAP configuration? My client is requesting deletion of all the standard delivered company codes and I believe it is best practice to never delete them. I am looking for supporting documentation that supports this.
Rhonda,
I have never seen a system where the standard delivered company codes did not exist, so I can't say what the implications of deletion are. I suppose it is possible to do....
For documentation, I guess you could search through service.sap.com/support.
I would think you would respond to the request as follows:
Tell the client it will be extra work to delete the items. Which will translate into additional billable fees.
Tell the client (in writing) that you cannot predict what all possible outcomes will be, but that you are willing to work with him to fix anything that gets broken in the process. For additional billable fees.
In the end, the client is paying for your advice and your services. In the end, he owns the license and the system upon which it is running. He can have anything he wants, there is no other 'right' or 'wrong'.
I suggest you don't delete anything in client 000. Most companies keep this as a reference. If the client later decides to reconstruct, this would be a nice source of info.
Since company codes greatly affect FI/CO, you might want to post the question in one of those forums.
Best Regards,
DB49 -
Bad bind variable & best practice for delete
I am working with three tables and very new to SQL. I need to create a procedure that will accept an ID and go through two sub tables and delete child records. Item is the main table. I am passing in the ID into the procedure and I want to use it as below. I keep getting a bad bind variable error message. I have verified that the table is setup as a number and my procedure accepts a number. I also want someone to review this from best practice as I am new to procedures.
PROCEDURE DeleteItem (p_ItemID IN NUMBER, p_RowsAffected OUT number)
IS
p_RowsAffected NUMBER;
-- select the itemdetail for the analysis
CURSOR c_itemdetail
IS
SELECT
itemdetailid
FROM itemDETAIL
WHERE itemid = :p_ItemID;
BEGIN
-- loop through each itemdetail and delete the itemdetailoutlay
FOR r_itemdetail IN c_itemdetail
LOOP
BEGIN
DELETE FROM ITEMDETAILOUTLAY
WHERE itemdetailid = r_itemdetail.itemdetailid;
COMMIT;
END;
END LOOP;
-- delete the itemdetail
BEGIN
DELETE FROM ITEMDETAIL
WHERE itemid = :p_ItemID;
COMMIT;
END;
-- delete the main item
BEGIN
DELETE FROM ITEM
WHERE itemdid = :p_ItemID;
COMMIT;
p_RowsAffected := SQL%ROWCOUNT;
END;
END DeleteItem;Hi,
Welcome to the forum!
As you may notice, this site normally compresses white-space. Whenever you post code, or any formatted text, on this site, type these 6 characters:
\(small letters only, inside curly brackets) before and after each section of formatted text, to preserve spacing.
I don't think you mean to use bind variables anywhere, so don't use colons before any variable names. You were doing this correctly with p_RowsAffected; do the same thing with p_ItemID.
Try this:PROCEDURE DeleteItem (p_ItemID IN NUMBER, p_RowsAffected OUT number)
IS
-- p_RowsAffected NUMBER; -- Don't name local variables the same as arguments
-- select the itemdetail for the analysis
CURSOR c_itemdetail
IS
SELECT
itemdetailid
FROM itemDETAIL
WHERE itemid = p_ItemID; -- No : before p_ItemID
BEGIN
-- loop through each itemdetail and delete the itemdetailoutlay
FOR r_itemdetail IN c_itemdetail
LOOP
BEGIN
DELETE FROM ITEMDETAILOUTLAY
WHERE itemdetailid = r_itemdetail.itemdetailid;
COMMIT;
END;
END LOOP;
-- delete the itemdetail
BEGIN
DELETE FROM ITEMDETAIL
WHERE itemid = p_ItemID; -- No : before p_ItemID
COMMIT;
END;
-- delete the main item
BEGIN
DELETE FROM ITEM
WHERE itemdid = p_ItemID; -- No : before p_ItemID
COMMIT;
p_RowsAffected := SQL%ROWCOUNT;
END;
END DeleteItem;
The most important "best practice" with PL/SQL is to avoid doing it whenever possible.
If SQL offers a way o do the same thing, it's usally best not to code anything in PL/SQL.
Have you considered foreign key constraints, with "ON DELETE CASCADE"? That way, you could simply "DELETE FROM item", and all the dependent rows in the other tables would automatically be deleted. You wouldn't need to remember to call a procedure like this; in fact, you would have no need for a procedure like this.
Given that you do have such a procedure:
You're doing row-by-row processing, which some mad wags like to call "slow-by-slow" processing.
For example, iYou're xplicitly finding each ItemDetailID separately, and deleting each one separately, like this:... CURSOR c_itemdetail
IS
SELECT
itemdetailid
FROM itemDETAIL
WHERE itemid = p_ItemID;
-- loop through each itemdetail and delete the itemdetailoutlay
FOR r_itemdetail IN c_itemdetail
LOOP
BEGIN
DELETE FROM ITEMDETAILOUTLAY
WHERE itemdetailid = r_itemdetail.itemdetailid;
COMMIT;
END;
END LOOP;
It's more efficient for the system (and less coding for you) if you let SQL handle as much as possible, so do this instead... DELETE FROM ItemDetailOutlay
WHERE ItemDetailID IN
( SELECT itemdetailid
FROM itemDETAIL
WHERE itemid = p_ItemID
Do you really want to COMMIT 3 times? 0 or 1 times might be better.
What happens if there is some kind of error, say, after you've delete rows form ItemDetailOutlay and ItemDetail, but before you've delete from Item? Wouldn't you want the entire transaction to fail, and leave all three tables in a consistent state? If so, either have the calling procedure COMMIT, or have a single COMMIT at the end of DelteItem.
Edited by: Frank Kulash on May 6, 2010 2:25 PM -
Best practice to delete a User in SRM.
Can some one tell how we can handle a situation where we have to delete a user from SRM, but make sure we don't have any open procurement documents. SRM server 550
Here is my issue:
1. Users are replicated to SRM from ECC via ALE
2. Whenever a user is terminated from the company a user update from ECC will delete the user in SRM.
Appreciate any help and will give points
ArpitaArpita
Our business process for removing users from our SRM 5.5 system
1. TCode SU01 expire the users licence and lock the userID.
2. Also in SU01 remove the users email address esp if using off line mail processes
3. Remove the user's roles using PFCG
4. In the SRM Org Structure we have a node for de-activated users not attached to any Company code - we move them to that node and change the assignment description so we know where they came from - this is our Audit requirement.
5. In the Org Structure remove any attributes concerned with approval of cost centers/orders etc. Also change their Approval Value level in Extended attriutes to zero.
6. If the user was an approver check SWI5 to find any uncompleted workflow items
7. Use SWIA to re-route those items to an appropriate approver
8. Check for any user substitutes active or passive and remove them, we wrote an ABAP application for this as we could find no suitable SAP transaction. You could log on as the user and do it that way, but if the user is a substitute for someone else you cannot.
9 If the user exists in the back end ERP system, de-activate in SU01 as steps 1 & 2 above
10 Check if there are any workflow in ERP.
We never delete users as this will cause problems with any documents that they worked on for ever and ever and ever...
With this procedure sometimes - not very often - they return to the organization and they can be re-activated.
Hope this helps you and others
Allen -
Best practice for managing unofficial user repo with git?
G'day Archers,
(I hope this is the right subforum for my question -- feel free to move.)
I am currently playing around with setting up an unofficial repo. So far so good, except I am trying to make sure I do things "properly".
I am currently deploying my website according to this tip I've seen recommended. I.e. on the server, set up a bare repo in say ~/src/www.git with a post-receive hook that states something like
GIT_WORK_TREE=$HOME/www_public git checkout -f
where ~/www_public is the apache directory root for the website.
Doing it this way, I can push and pull changes between my desktop, the server and my laptop and the .git files don't end up visible to the public.
Now I want to add my repo to this system, but repo-add creates ".tar.gz" files. According to github help, these are better off ignored by git.
One solution that occurs to me is to add a pre-commit that decompresses the db into plain text and a post-receive that recompresses to a form that pacman will understand. However, I wonder if there is a simpler solution that I'm missing? I notice that Debian seems to have a tool that will do what I want, for Debian users. Does something equivalent exist for Archlinux, or do any Archers who run unofficial repos have any tips for me based on their experience/mistakes/successes of the past?G'day Archers,
(I hope this is the right subforum for my question -- feel free to move.)
I am currently playing around with setting up an unofficial repo. So far so good, except I am trying to make sure I do things "properly".
I am currently deploying my website according to this tip I've seen recommended. I.e. on the server, set up a bare repo in say ~/src/www.git with a post-receive hook that states something like
GIT_WORK_TREE=$HOME/www_public git checkout -f
where ~/www_public is the apache directory root for the website.
Doing it this way, I can push and pull changes between my desktop, the server and my laptop and the .git files don't end up visible to the public.
Now I want to add my repo to this system, but repo-add creates ".tar.gz" files. According to github help, these are better off ignored by git.
One solution that occurs to me is to add a pre-commit that decompresses the db into plain text and a post-receive that recompresses to a form that pacman will understand. However, I wonder if there is a simpler solution that I'm missing? I notice that Debian seems to have a tool that will do what I want, for Debian users. Does something equivalent exist for Archlinux, or do any Archers who run unofficial repos have any tips for me based on their experience/mistakes/successes of the past? -
What is a best practice for our end users submitting their completed forms?
I've created an application with fillable fields using Adobe 10. I'm trying to figure out the best way to get the info back. I really don't want them emailing it as it will have sensitive data. I've seen others on this forum referring to using "servers" but I can't seem to find any additional info on this solution. Any advice?
If the data is sensitive, email is an absolute no-no.
In addition to being on a server - that is, a web server - you need to have a secure connection.
That in turn is a web address starting https not just http.
On the web server, an experienced programmer installs a "script".
When the form filler clicks SUBMIT, the information from the form is sent to the script.
The script, in turn, being a program, does whatever the programmer thinks, such as
- put it in a database
- check the data and reply immediately
- email it (very bad idea in this case)
Typically it's in a database, and you - the person in charge - visits a different script on the
same server, to get stuff out of the database and process the information.
I underline experienced. This is no job for a beginner or amateur, or even someone who
has never worked with web scripts. Bad scripts are the main reason that web sites get
hacked and details stolen, or your site defaced or otherwise bought into disrepute. -
OIM 10g: Best practice for updating OIM user status from target recon?
We have a requirement, where we need to trigger one or more updates to the OIM user record (including status) based on values pulled in from a target resource recon from an LDAP. For example, if an LDAP attribute "disable-flag=123456" then we want to disable the OIM user. Other LDAP attributes may trigger other OIM user attribute changes.
I think I need to write a custom adapter to handle "recon insert received" and "recon update received" events from the target recon, but wanted to check with the community to see if this was the right approach. Would post-insert/post-update event handlers be a better choice?Thanks Nishith. That's along the lines of what I was thinking. The only issue in my case is that I might need to update additional custom attributes on the OIM User in addition to enable/disable. Because of that requirement, my thought was to call the API directly from my task adapter to do the attribute updates in addition to the enable/disable. Does this seem like a sound approach?
-
Best practice for deleting data based on mismatch
I have two tables which share the same key columns (one is an extension table of the other, basically)
INVPARTINSTOCK_C is current data
INVPARTINSTOCK_D is a date extension table
I want to remove all data in D which is not in C
I can gather a list of mismatched data by using:
select
d.Contract,
d.Part_No,
d.Location_No,
d.Lot_Batch_No,
d.Serial_No,
d.Eng_Chg_Level
from invpartinstock_d d
MINUS
select
c.Contract,
c.Part_No,
c.Location_No,
c.Lot_Batch_No,
c.Serial_No,
c.Eng_Chg_Level
from invpartinstock_c c but how do I apply that to a DELETE FROM INVPARTINSTOCK_D WHERE... ?
Thanks1) It depends on, at least, the data volumes we're talking about, but
DELETE FROM dtable
WHERE (column_list) IN (your_minus_query)should be functionally correct. Probably more efficient would be
DELETE FROM invpartinstock_d d
WHERE NOT EXISTS(
SELECT 1
FROM invpartinstock_c c
WHERE c.contract = d.contract
)2) Why isn't there a foreign key relationship that prevents this sort of mismatch in the first place?
Justin -
Best practice for deleting data
I need to clear several years' worth of data from our environment. In addition, we have a number of categories that need to be cleared as well. Is there any need to actually clear the data prior to making making the dimension changes? Or is it enough to simply remove the time periods and categories in question and process those dimensions?
Hi Pablo,
If your requirement is clearing only transactional data you can clear via clear data manager package and if you want delete master data of time and category, first you need to clear all the trasactional data of that member and then delete master data. You can not delete directly master data without deleting trasactional data, if there is data associated to that member system will not allow to delete member.
Regards,
Shrikant -
Best practice for upgrading task definition without deleting task instances
best practice for upgrading task definition in production system without deleting or terminating task instances
If I try and update a task definition with task instances running I get the following error:
Task definition 'My Task - Add User' may not be modified while there are active task instances
Is there a best practice to handle this. I tried to force an update through the console but that didn't work. I tried editing the task from the debug page and got the same error.1) Rename the original task definition.
2) Upload the new task definition with the original name.
3) Later, after all the running tasks have timed out, delete the old definition.
E.g., if your task definition is "myWorkflow":
1) Rename "myWorkflow" to "myWorkflow-old-2009-07-28"
2) Upload the new task definition as "myWorkflow".
Existing tasks will stay linked to the original (renamed) workflow definition.
New tasks will use the new definition.
As the previous poster notes, depending on the changes you are making, letting the old task definitions stay active could have bad side-effects and might be better avoided. -
What are the best practices to migrate VPN users for Inter forest mgration?
What are the best practices to migrate VPN users for Inter forest mgration?
It depends on a various factors. There is no "generic" solution or best practice recommendation. Which migration tool are you planning to use?
Quest (QMM) has a VPN migration solution/tool.
ADMT - you can develop your own service based solution if required. I believe it was mentioned in my blog post.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights.
Maybe you are looking for
-
Any good suggestions for a webcam that is: -Not large, preferably a small one or medium-sized (one that can clip onto a flat screen monitor is ok, or one that stands on the desk) -Compatible with Snow Leopard -Mic included -USB/Firewire -High quality
-
Paper Layout displayed instead of Web Layout
Hello All, I've developed a report in Reports 10g and saved it as a jsp file, having both paper & web layout. I've also designed a form in Oracle forms 10g with a list item displaying the list of all reports available. I've written the following piec
-
What is varient ?
-
How to Display 10 columns in first page,next columns in second page in smartforms in sap.
In internal table having 30 columns of data. i have to display like first 10 columns in first page with page no :1 second 10 columns in second page with page no :2 third 10 columns in second page with page no :3 how to develop this. please how develo
-
Hi, When I start my application in weblogic 7.0 SP4, I get the following exception. Any idea waht is missing inthe path or class path? Please ensure that libmuxer library is in :'/opt/java/j2sdk1_3_1_08/jre/bin/../lib/sparc/hotspot:/opt/java/j2sdk1_3