Inactive user and computer accounts of Active Directory open gates for
hackers and can cause serious security issue for you. Such inactive accounts
might be belong to users who have left the organization, or users who log-on in
their accounts very rarely or users who have moved to some other positions and
such accounts are no longer useful from them. Regular checkup of AD to detect
inactive accounts can help you and you can manage such accounts by disabling,
deleting, moving them to other OU or by resetting password.
Inactive user and computer accounts in AD can detect by following dsquery commands
For Users:
dsquery user -inactive <NumWeeks>
If you want to find out the users who have not logged in their accounts from past 12 weeks then use above query as dsquery user -inactive 12
For Computers:
dsquery computer -inactive <NumWeeks>
If you want to find out the computers who have been idle from past 12 weeks then use above query as dsquery computer -inactive 12
Identifying and managing inactive account is really a very time consuming and tiring task. You can also use and automated software for Active Directory Cleanup( http://www.lepide.com/active-directory-cleaner/ ) for this.
Inactive user and computer accounts in AD can detect by following dsquery commands
For Users:
dsquery user -inactive <NumWeeks>
If you want to find out the users who have not logged in their accounts from past 12 weeks then use above query as dsquery user -inactive 12
For Computers:
dsquery computer -inactive <NumWeeks>
If you want to find out the computers who have been idle from past 12 weeks then use above query as dsquery computer -inactive 12
Identifying and managing inactive account is really a very time consuming and tiring task. You can also use and automated software for Active Directory Cleanup( http://www.lepide.com/active-directory-cleaner/ ) for this.
Thanks for sharing the helpful information, I found good information about how to find inactive AD accounts. I tried this Active directory Cleanup tool manages all inactive users account who left the company and clean all inactive active directory account. It helps to find out inactive Active Directory accounts and move inactive accounts to another OU.
ReplyDeleteVery Useful Information about "How to find inactive user and computer accounts in AD environment". Thanks for sharing...!! . This tool easily find out inactive users and create a comprehensive report who have not logged on within last x number of days.
ReplyDeleteGreat help, thanks for sharing such a nice information. This software easily generates list of all inactive users accounts in AD environment and get accurate report on real last logon details of accounts.
ReplyDeleteOutstanding software! This Active directory cleanup tool helps me to identify stale computer accounts and clean a large number of unused computer accounts out of active directory.
ReplyDeletehttp://www.esystool.com/cleanup-old-computer-accounts-in-active-directory/
ReplyDelete