Why the Men's Room Needs a Domain Account

Last week, we received the draft results of our most recent audit. There were some interesting findings.

One of the findings said that we had too many disabled accounts. We have a lot of domain accounts for a company of our size. When we migrated from Lotus Notes to Exchange many years ago, the Exchange administrator created accounts in AD for generic mailboxes. When we started using unified messaging (where your voicemail is delivered to your inbox as a WAV file) that led to domain accounts being created for voicemail storage. When we implemented Sharepoint, the admin said we needed AD accounts for every entity that needed to to exist in the phone book. So accounts were created for conference rooms and other things needing to appear in the phonebook.

Most of these accounts would never actually be logged into. The generic mailboxes could be accessed by assigning Exchange permissions on the mailbox. The voicemail boxes were accessed either through assigning exchange permission or accessing messages through the phone. The accounts to get things into the phone directory didn't need to be logged into either. So the accounts were disabled.

That's why we have so many domain accounts that are disabled. According to the responsible system administrators, the accounts are necessary. It still seems kind of funny to have domain accounts for the mens and womens restroom. If the powers that be want those rooms listed in the company phone directory, that is the way it has to be.