Re: Script deleting HR accounts
That's just stupid having a script delete accounts in automated fashion.
Er, if you've got a few dozen users perhaps. When you're doing dozens/hundreds of account expiry/deletion operations a day, you do not want someone having to go through all that by hand.
It's silly if you've only got a relatively small user base as well, because you are wasting a LOT of time doing stuff manually. You're actually more likely to introduce errors by hand than doing it using a robust automated process.
What you should do is in ensure the process/checks prior to your automated part is robust, with some contingency in case of manual error. For example, for us, a contractor termination date must be entered into the HR system first. If HR has it wrong, we are not accountable for their mistake.... but we have baked in a 30 day interval where an account is only disabled on that termination date, prior to deletion.
Then you carefully TEST your scripts (in a non-production environment first, and then in production, scoped to a specific user set) and make sure that you have subroutines to catch exceptions and flag errors. And good backups. And as others have said, peer review.
Biting the hand that feeds IT
