We had our customer advisory committee meeting today, where we discuss product priorities with a select group of customers. This is part of the Agile Methodology, where a group of stakeholders helps set priorities and define what features should look like.
As always, Active Directory group lifecycle was discussed; we are looking at new and improved ways to expire distribution and security groups and asked if this was really necessary. Our largest customer (over 350,000 user objects in Active Directory) stopped us immediately and said, “stagnant or stale objects in Active Directory increases our exposure.” He didn’t have to say anything more: group expiration is very, very important to him.
Right now, GroupID expires Active Directory groups based on a time frame. Groups have a set amount of time to live. At a certain point, notifications are sent for owners to renew their groups; if that doesn’t happen, the groups expire (and stop functioning) and are ultimately deleted. This group lifecycle applies to both Active Directory security groups and Exchange distribution groups.
Group owners have the opportunity to renew their groups at any time before or after expiration. Admins can also expire and renew groups. They can even run PowerShell commands to expire groups in bulk if they don’t want to go through the MMC.
The point is to make sure group owners really want that group before letting it become stale or stagnant.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.