Dear All,

We are drafting the procedure to terminate our accounts. The below is the flow what we are going to do:

1. Disable the AD account

2. Disable the exchange accounts

3. Delete the AD account after 1 days

We have Lync enabled for this AD account, we just want to know do we need to disable the Lync account in Lync server before we delete the AD account?

Thanks,

Lync Users

Hi,

You do not need to disable the account in Lync server before you delete the AD account - the moment you remove the account from AD it will also remove it from Lync Server.

However, using the 3 steps you outlined above, you should bare in mind that even if you disable the AD account, the user will still be able to log into his/her Lync client and continue to use it - as at no point have you disabled their Lync functionality. Lync does not require that the users AD account be enabled, merely that it exists.

If you disabled my AD account, I could for example just pop out my network lead, log onto my pc with cached credentials, put my network lead back in and sign into Lync. Alternately I could sign into a common area phone that is enabled for hot-desking, or in some instances on a mobile device that I have already been using.

In answer to your question, you don't have to disable the account in Lync server for the removal of the user, but I would consider it best practice to 'temporarily disable for Lync Server' from the action menu if you would like to retain user config and settings for a period of time before finally removing the account (Much like you're doing with your 1 days grace on your AD accounts).

Kind regards
Ben

• Edited by BenDonaldson 21 hours 35 minutes ago
• Marked as answer by VLV2012 21 hours 28 minutes ago

Hi,

You do not need to disable the account in Lync server before you delete the AD account - the moment you remove the account from AD it will also remove it from Lync Server.

However, using the 3 steps you outlined above, you should bare in mind that even if you disable the AD account, the user will still be able to log into his/her Lync client and continue to use it - as at no point have you disabled their Lync functionality. Lync does not require that the users AD account be enabled, merely that it exists.

If you disabled my AD account, I could for example just pop out my network lead, log onto my pc with cached credentials, put my network lead back in and sign into Lync. Alternately I could sign into a common area phone that is enabled for hot-desking, or in some instances on a mobile device that I have already been using.

In answer to your question, you don't have to disable the account in Lync server for the removal of the user, but I would consider it best practice to 'temporarily disable for Lync Server' from the action menu if you would like to retain user config and settings for a period of time before finally removing the account (Much like you're doing with your 1 days grace on your AD accounts).

Kind regards
Ben

• Edited by BenDonaldson Sunday, December 15, 2013 2:15 PM
• Marked as answer by VLV2012 Sunday, December 15, 2013 2:22 PM

Hi,

You do not need to disable the account in Lync server before you delete the AD account - the moment you remove the account from AD it will also remove it from Lync Server.

However, using the 3 steps you outlined above, you should bare in mind that even if you disable the AD account, the user will still be able to log into his/her Lync client and continue to use it - as at no point have you disabled their Lync functionality. Lync does not require that the users AD account be enabled, merely that it exists.

If you disabled my AD account, I could for example just pop out my network lead, log onto my pc with cached credentials, put my network lead back in and sign into Lync. Alternately I could sign into a common area phone that is enabled for hot-desking, or in some instances on a mobile device that I have already been using.

In answer to your question, you don't have to disable the account in Lync server for the removal of the user, but I would consider it best practice to 'temporarily disable for Lync Server' from the action menu if you would like to retain user config and settings for a period of time before finally removing the account (Much like you're doing with your 1 days grace on your AD accounts).

Kind regards
Ben

• Edited by BenDonaldson Sunday, December 15, 2013 2:15 PM
• Marked as answer by VLV2012 Sunday, December 15, 2013 2:22 PM

Hi,

You do not need to disable the account in Lync server before you delete the AD account - the moment you remove the account from AD it will also remove it from Lync Server.

However, using the 3 steps you outlined above, you should bare in mind that even if you disable the AD account, the user will still be able to log into his/her Lync client and continue to use it - as at no point have you disabled their Lync functionality. Lync does not require that the users AD account be enabled, merely that it exists.

If you disabled my AD account, I could for example just pop out my network lead, log onto my pc with cached credentials, put my network lead back in and sign into Lync. Alternately I could sign into a common area phone that is enabled for hot-desking, or in some instances on a mobile device that I have already been using.

In answer to your question, you don't have to disable the account in Lync server for the removal of the user, but I would consider it best practice to 'temporarily disable for Lync Server' from the action menu if you would like to retain user config and settings for a period of time before finally removing the account (Much like you're doing with your 1 days grace on your AD accounts).

Kind regards
Ben

• Edited by BenDonaldson Sunday, December 15, 2013 2:15 PM
• Marked as answer by VLV2012 Sunday, December 15, 2013 2:22 PM

Hi,

You do not need to disable the account in Lync server before you delete the AD account - the moment you remove the account from AD it will also remove it from Lync Server.

However, using the 3 steps you outlined above, you should bare in mind that even if you disable the AD account, the user will still be able to log into his/her Lync client and continue to use it - as at no point have you disabled their Lync functionality. Lync does not require that the users AD account be enabled, merely that it exists.

If you disabled my AD account, I could for example just pop out my network lead, log onto my pc with cached credentials, put my network lead back in and sign into Lync. Alternately I could sign into a common area phone that is enabled for hot-desking, or in some instances on a mobile device that I have already been using.

In answer to your question, you don't have to disable the account in Lync server for the removal of the user, but I would consider it best practice to 'temporarily disable for Lync Server' from the action menu if you would like to retain user config and settings for a period of time before finally removing the account (Much like you're doing with your 1 days grace on your AD accounts).

Kind regards
Ben

• Edited by BenDonaldson Sunday, December 15, 2013 2:15 PM
• Marked as answer by VLV2012 Sunday, December 15, 2013 2:22 PM

Hi,

Disabling a user account in AD does not immediately disable the user from using Lync. The disabled user accessing Lync for up to nearly 6 months.

If user selects the Save my password check box signing in, Lync server will generate an certificate for the user distribute it to the personal certificate store to the user on the local computer. The certificate expires 180 days from the publication date and is used for further authentication for that user from that computer. Thus, they will still have access to all Lync features including IM, web conferencing and Enterprise Voice until the certificate expires.