Should there be an announcement or at least a ping of other group
managers just to make sure there are no objections? While unlikely,
I'm a little concerned that a rogue group manager could cause some
harm on their way out the door, for example.

I think a good solution for this would be needing +1s on the ticket from

group members before it can be deleted, with a few possible exceptions

of old groups with only 1 or 2 people in them.

> We now have 5 requests to remove various no longer used groups.
>
> I've enabled audit logging on our ipa01 instance, so we have audit logs
> (and I intend to back them up and keep them forever). So we can tell
> when a group was deleted by whom. We also have a db dump from fas2
> before the switchover where we can look at who was in what group or what
> created it.
>
> So, I would like to propose:
>
> * we will remove groups on request/ticket from a group manager.
> * we will not seek out groups to remove, as them being there doesn't
> really hurt anything.
>
> Thoughts?

Otherwise I think if we have the audit log then we should be free to

delete the groups as needed. It will likely be a rare request in future, the

new account system has triggered a spring clean I think.

Mark