MI inactive user summary

The Microsoft Infrastructure (MI) service will add disable and delete events to the lifecycle process it uses to manage user accounts in the NETID Active Directory (AD) and the UW Azure AD. Since Azure AD user accounts are provisioned based on NETID AD accounts, removal of an AD account results in removal of the Azure AD account.

Note: After this point in this document, unless we specify otherwise, when we say “account” we mean both the NETID AD user account and the Azure AD user account. The scope of this change does not affect the underlying UW NetID.

Current account lifecycle behavior is:

  • UW NetIDs without a password, and those that lose the password service, are disabled and otherwise treated as unused (already in place; this is the current design)
  • UW NetIDs that get a new password result in a re-enabled user account

We are adding two new behaviors:

  1. User accounts that are not considered currently in use will be disabled
  2. User accounts that have been disabled for a year will be deleted

Indicators that qualify a user account to be considered in current use are:

  • UW NetID password has changed in the last year
  • NETID AD or Azure AD has recorded a logon in the last year
  • UW NetID has a current employee or student affiliation (more specifically: UW eduPerson affiliation=member)
  • A business partner, such as the MSCA service or a delegated OU, has identified the user account as one that provides a currently active resource but does not log on, e.g. an Exchange resource mailbox
    • Each delegated OU will have a group _accountsthatdonotlogon to specify accounts they believe do not log on and should be considered active
    • MSCA has identified all accounts eligible for Office 365 services as active
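The following PowerShell script is an added example of how a delegated OU administrator could audit their own accounts against the indicators listed above before the MI lifecycle job acts on them; it is not the MI service's tooling. It assumes the ActiveDirectory module, a hypothetical search base and do-not-logon group name, and takes the Azure AD sign-in, eduPerson affiliation and MSCA eligibility data as lists supplied by the caller, since those come from other systems. Every Disable-ADAccount and Remove-ADUser call runs with -WhatIf, so the script only reports.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report which accounts under an OU would be disabled or deleted
# under the two new lifecycle behaviours. Nothing is changed (-WhatIf throughout).
param(
    [string]   $SearchBase            = 'OU=Example,DC=netid,DC=example',      # assumed OU
    [string]   $DoNotLogonGroup       = 'example_accountsthatdonotlogon',      # assumed group name
    [string[]] $AzureSignedInLastYear = @(),   # sAMAccountNames from an Azure AD sign-in export (assumed input)
    [string[]] $ActiveAffiliation     = @(),   # sAMAccountNames with eduPerson affiliation=member (assumed input)
    [string[]] $MscaEligible          = @()    # sAMAccountNames MSCA reports as Office 365 eligible (assumed input)
)

$cutoff = (Get-Date).AddYears(-1)

# Accounts a business partner has flagged as active without logging on (delegated OU
# group), plus the externally sourced indicators, all merged into one exemption list.
$exempt = @(Get-ADGroupMember -Identity $DoNotLogonGroup -Recursive |
            ForEach-Object SamAccountName) +
          $AzureSignedInLastYear + $ActiveAffiliation + $MscaEligible

function Test-InCurrentUse {
    # Returns the first "in current use" indicator that applies, or $null if none does.
    # Each test mirrors one bullet in the list above.
    param($User)
    if ($User.PasswordLastSet -and $User.PasswordLastSet -gt $cutoff) { return 'password set in last year' }
    if ($User.LastLogonDate  -and $User.LastLogonDate  -gt $cutoff) { return 'NETID AD logon in last year' }
    if ($exempt -contains $User.SamAccountName)                      { return 'partner, affiliation or Azure AD indicator' }
    return $null
}

$users = Get-ADUser -SearchBase $SearchBase -Filter * `
    -Properties PasswordLastSet, LastLogonDate, Enabled, whenChanged

$report = foreach ($u in $users) {
    if ($u.Enabled) {
        $reason = Test-InCurrentUse -User $u
        if ($reason) {
            [pscustomobject]@{ Account = $u.SamAccountName; Action = 'keep';    Basis = $reason }
        } else {
            [pscustomobject]@{ Account = $u.SamAccountName; Action = 'disable'; Basis = 'no use indicator in last year' }
            Disable-ADAccount -Identity $u -WhatIf
        }
    }
    elseif ($u.whenChanged -lt $cutoff) {
        # Approximation: AD stores no "disabled since" attribute, so whenChanged is the
        # latest date the disable could have happened. A production job should record
        # the actual disable date rather than rely on this.
        [pscustomobject]@{ Account = $u.SamAccountName; Action = 'delete'
                           Basis   = "disabled and unchanged since $($u.whenChanged.ToShortDateString())" }
        Remove-ADUser -Identity $u -WhatIf
    }
    else {
        [pscustomobject]@{ Account = $u.SamAccountName; Action = 'keep (disabled)'; Basis = 'disabled less than a year' }
    }
}

$report | Sort-Object Action, Account | Format-Table -AutoSize
```

Two caveats when reading the output. LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which is only updated when the previous value is more than about 9 to 14 days old; that is fine for a one-year threshold but would make short inactivity windows unreliable. And the delete stage above keys on whenChanged because AD keeps no record of when an account was disabled, so any other attribute change after the disable pushes the deletion date out; the lifecycle process itself would need to track the disable date explicitly.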

Temporarily unused accounts can easily return to service without significant impact; the primary way for this to happen is to set the UW NetID password (see Reactivation). Longer absences of use will result in a new user account with the same UW NetID, which may mean the user will need to re-establish access to resources for which the previous account had been granted explicit access (rather than access via a group membership).

