Thursday 28 August 2014

Inactive user and computer accounts of Active Directory open gates for hackers and can cause serious security issue for you. Such inactive accounts might be belong to users who have left the organization, or users who log-on in their accounts very rarely or users who have moved to some other positions and such accounts are no longer useful from them. Regular checkup of AD to detect inactive accounts can help you and you can manage such accounts by disabling, deleting, moving them to other OU or by resetting password.

Inactive user and computer accounts in AD can detect by following dsquery commands

For Users:

dsquery user -inactive <NumWeeks>

If you want to find out the users who have not logged in their accounts from past 12 weeks then use above query as dsquery user -inactive 12

For Computers:

dsquery computer -inactive <NumWeeks> 

If you want to find out the computers who have been idle from past 12 weeks then use above query as dsquery computer -inactive 12

Identifying and managing inactive account is really a very time consuming and tiring task. You can also use and automated software for Active Directory Cleanup( http://www.lepide.com/active-directory-cleaner/ ) for this. 

5 comments:

  1. Thanks for sharing the helpful information, I found good information about how to find inactive AD accounts. I tried this Active directory Cleanup tool manages all inactive users account who left the company and clean all inactive active directory account. It helps to find out inactive Active Directory accounts and move inactive accounts to another OU.

    ReplyDelete
  2. Very Useful Information about "How to find inactive user and computer accounts in AD environment". Thanks for sharing...!! . This tool easily find out inactive users and create a comprehensive report who have not logged on within last x number of days.

    ReplyDelete
  3. Great help, thanks for sharing such a nice information. This software easily generates list of all inactive users accounts in AD environment and get accurate report on real last logon details of accounts.

    ReplyDelete
  4. Outstanding software! This Active directory cleanup tool helps me to identify stale computer accounts and clean a large number of unused computer accounts out of active directory.

    ReplyDelete

Subscribe to RSS Feed Lepide-Simplifying IT Management!