Inactive Honorary Account Review Process

 

  1. Produce a list of inactive users
    1. A report from M365 that lists users, that have no activity within the last 9 months is exported regularly to a shared drive
    2. A daily script runs to disable inactive Honorary accounts. It ignores NHS Honorary Accounts , those on the  “Do Not Disable” list (see step 3.a.iv) and those whose “live” date is less than 9 months. It only processes those users who have not had Active Directory activity in the last 9 months.
  2. Notification and disablement
    1. The script sends an email to the user’s @abdn.ac.uk email from [email protected] with the subject line “Important - your IT account is due to be disabled” warning of disablement in 30 days
      1. The User Notes section in MIM will be updated with “Inactive Hon - Emailed on 31/10/2025 - Due for disablement 1/12/2025 “
    2. The script shares that same list of users with HR via [email protected] who will notify the UoA contact where possible (see Appendix)
    3. On day 31 (if no activity) then the daily script:
      1. Disables the account in MIM and change licence group to 1E, freeing up P1 licence and adds information into the User Notes section in MIM: "Inactive Hon - Emailed on 31/10/2025 - Disabled on 1/12/2025
      2. Shares the list of users with HR via [email protected] who will evaluate if Honorary status still needed (see Appendix)
        1. If HR closes an account within their system, the IT account will close as per the normal automated process, which leads to the eventual deletion of the account and all related data
        2. If HR decide the account should remain active on their system, the IT account remains in the disabled state
  3. After disablement
    1. If the user contacts the Service Desk:
      1. The normal ID verification takes place
      2. Servicedesk ask the user for justification for re-activation
      3. HR are notified and asked to decide on the reactivation of the IT account
      4. If accepted: 
        1. the call is passed to DCM and re-activation is as per the normal process (see Appendix). DCM then pass the call to Server Team
        2. Server Team add the user to the list of “Do Not Disable” accounts
      5. If rejected, then HR to contact user to inform them and go to step (b)
    2. If there is no contact:
      1. The account is left disabled.

 

Appendix

 

Re-enablement process for DCM:e

  1. Remove Emergency Disablement.
  2. Reinstate the correct licence type.
  3. Add a note to the MIM record.

 

Email to user 30 days notice:

Emails to HR. If multiple users, they are separated by “#####”