Question

  Asked: Apr 13 2008   10:36 PM GMT
  Asked by: Mvuyi


How to clean up dormant accunts in active directory


Active Directory, Active Directory Users and Computers

Implementation plan for cleaning up dormant accounts and inactive acounts in an active dierectory

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window

Answer Wiki (Improve, edit or add to this answer)


 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0



You could use the queries tool in aduc to find accounts that have not been used for x amount of days and then use a dsquery string to disable those accounts.

I suppose it depends on the size of your organisation and how much user knowledge you have, as you have to think about the possibility of accidentally disabling then deleting a user account who is mearly on maternity leave of extended sickness.

One thing I think would be a good idea is to look for accounts dormant for more than 3 months say, disable them and then send an email to the head of department asking about the status of the user, if they've left then bingo delete it, if not leave it disabled, and always say in the email that if you dont hear anything back within 2 weeks then the account WILL be deleted (otherwise you know they will ignore your email).
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Microsoft Windows.

Looking for relevant Microsoft Windows Whitepapers? Visit the SearchWinIT.com Research Library.


Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

Wrobinson  |   Apr 20 2008  7:12AM GMT

You may be able to cross-reference some of the accounts with human resources for terminated employees. It is important to consider that all of the domain controllers in the environment must be polled to determine the last log on time for a user. There are some tools that can automate the process such as DumpSec (http://www.somarsoft.com).