Validating server principals with Active Directory
This is a question about methods as much as about "How To ...". I'm interested in how other SQL Server admins tally their Server Principals that are type G or U against Active Directory. Do you have processes that enforce a server principal deletion when an AD account is disabled/deleted? How do you verify/audit this process? Do you keep a server principal if you identify it has no related database principal? Any thoughts, ideas, experience will be interesting to hear.
I noted (and voted) this question back when you originally posted and waited to see what others had to say... not much by the looks of it. I must admit to being a little lax on this. We have principals that are deactivated in AD but still exist on SQL Server. Some sort of automated clean-up is an entry on the to-do list, but has a very low priority. Do you have anything implemented since your original question?
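One way to produce the tally the question describes, as an added T-SQL example that is not part of the original thread: it lists every type U or G server principal, flags those whose Windows account no longer exists, and counts the databases in which the same SID has a database principal. The temp table names `#gone` and `#mapped` and the output column names are choices made for this example. `sp_validatelogins` only reports accounts that no longer exist, so accounts that are merely disabled in AD still have to be checked against the directory itself.

```sql
-- Added example. Run as a member of sysadmin or securityadmin
-- (required by sp_validatelogins).
SET NOCOUNT ON;

-- 1. Windows users/groups mapped to a login but no longer present in Windows/AD.
CREATE TABLE #gone (sid varbinary(85) NOT NULL, nt_login sysname NOT NULL);
INSERT INTO #gone (sid, nt_login)
EXEC sys.sp_validatelogins;

-- 2. SIDs of Windows users/groups that have a database principal, per database.
CREATE TABLE #mapped (db_name sysname NOT NULL, sid varbinary(85) NOT NULL);
DECLARE @db sysname, @sql nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE state_desc = N'ONLINE' AND HAS_DBACCESS(name) = 1;
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME guards the database name; the name itself is passed as a parameter.
    SET @sql = N'INSERT INTO #mapped (db_name, sid)
                 SELECT @db, sid
                 FROM ' + QUOTENAME(@db) + N'.sys.database_principals
                 WHERE type IN (''U'', ''G'') AND sid IS NOT NULL;';
    EXEC sys.sp_executesql @sql, N'@db sysname', @db = @db;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs;
DEALLOCATE dbs;

-- 3. One row per type U/G server principal with both findings side by side.
SELECT sp.name,
       sp.type_desc,
       sp.is_disabled,
       sp.create_date,
       CASE WHEN g.sid IS NOT NULL THEN 1 ELSE 0 END AS missing_in_windows,
       (SELECT COUNT(DISTINCT m.db_name)
        FROM #mapped AS m
        WHERE m.sid = sp.sid) AS mapped_databases
FROM sys.server_principals AS sp
LEFT JOIN #gone AS g ON g.sid = sp.sid
WHERE sp.type IN ('U', 'G')
ORDER BY missing_in_windows DESC, mapped_databases, sp.name;

DROP TABLE #gone, #mapped;
```

A `mapped_databases` value of 0 is a prompt for review, not proof the login is unused: a login can hold server-level roles or permissions without any database principal, and members of a type G login can have database users under their own SIDs.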