SSW Foursquare

Do you Disable AD Users rather than Deleting for better CRM Reporting?

Last updated by Chloe Lin [SSW] 2 months ago.See history

When a user is created in Active Directory (AD), a Global Unique Identifier (GUID) is also created. As the name suggests this is unique for each user and is never duplicated in a domain.

guid
Figure: GUID for User Steven Andrews

When adding a user to CRM, they are assigned with an Employee ID that is linked to the AD account’s GUID.

aduser
Figure: AD User StevenAndrews is tied to STA Employee ID through AD GUID

When a user leaves, many companies go through the process of disabling the CRM account and then deleting the AD User.

This creates problems if the employee comes back to the company and a new AD account is created for them - they are no longer able to be associated with the previously created CRM account. Instead, they will need a new CRM user with a different Employee ID.

This makes reporting on a user that has returned more difficult. To get around this problem, it is better to disable and move the user to a "Disabled Users" OU in AD, so that if they return, the AD and CRM user can just be re-enabled.

delete user
Figure: Bad example - Don't delete users!

disabled users
Figure: Good example - Disable users and move them to a disabled users OU

Steven Andrews
Chris Schultz
Kaique Biancatti
Active Directory
We open source. Powered by GitHub