Some of my coworkers believe that accounts should never be deleted, just locked.
Some of my coworkers believe that accounts should always be deleted.
I like a combination of the two. First, lock the account. This should tell you if there are programs running as the user, crontab entries, etc. After a few weeks remove the account. If the account is gone there is no chance it’ll get unlocked somehow, get hacked, send spam, conflict with another UID, or make your life difficult in the future.
That’s the approach I take as well…I also archive their old data since some manager 6 months down the road will want that persons data..It never fails..