A recently developed automated system for closing the various computer-related accounts of employees who leave the Lab is being expanded. On April 1, the Termination Notification System (TNS) will go into production, serving the Earth Sciences Division (ESD), Energy and Environmental Technologies Division (EETD) and Environment, Health and Safety (EHS) Division. This system, which has been tested by the Information Technologies and Services Division (ITSD) for the past four months, provides for an automatic notification process triggered by an employee termination (based on data in the Human Resource System).

Kamala Green, the operations manager for the HR center in Bldg. 90 and point-of-contact for the divisions adopting the system, called the system a “bonus” that will help lighten the load for supervisors. “It will definitely assist us with the termination process,” she said. “With TNS, supervisors will not be responsible for assuring that various LDAP accounts are deactivated."

According to the RPM, Division Administrators are to "Ensure that all user IDs and passwords used by terminating employees and guests are deactivated or continued through a Laboratory sponsor.”

While the direction is clear, the solution has been less so. The problem is getting the termination requests in a timely manner and determining what accounts the departing employee actually had. The current process can be time-consuming and requires a number of manual steps to complete in a timely manner. One of the biggest challenges is identifying all the accounts the departing employee actually had. Consider the possibility that an employee might have email, calendar, Novell, UNIX, remote access, telephone, LETS, and NT domain accounts, which are all under the purview of the Information Technologies and Services Division, as well as others that ITSD is not even aware of, such as local system accounts maintained by division personnel.

The Termination Notification System was developed to take care of many of these account closures. The system initially applies only to LDAP -- the account authentication mechanism used for email, calendar and a variety of ISS applications like Human Resources’ Self-Service page, PC backup services from Connected Corp., Novell access, and the ITSD “lbnl” NT master domain membership. In the future, it will probably be extended to cover all of the services ITSD offers.

Daisy Guerrero in the Information Systems and Services Department is the project lead for TNS. Her team developed the Web interface that customers can use to verify the accounts that each employee has and to request changes to the default disable and deletion schedule.

Read more about the system.