How to clean up dormant accunts in active directory
Active Directory, Active Directory Users and Computers
Implementation plan for cleaning up dormant accounts and inactive acounts in an active dierectory Question
Active Directory, Active Directory Users and Computers
Implementation plan for cleaning up dormant accounts and inactive acounts in an active dierectory 
Subscribe to Alerts! Get questions and answers delivered to your Inbox.
Answer Wiki (Improve, edit or add to this answer)
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
You could use the queries tool in aduc to find accounts that have not been used for x amount of days and then use a dsquery string to disable those accounts.
I suppose it depends on the size of your organisation and how much user knowledge you have, as you have to think about the possibility of accidentally disabling then deleting a user account who is mearly on maternity leave of extended sickness.
One thing I think would be a good idea is to look for accounts dormant for more than 3 months say, disable them and then send an email to the head of department asking about the status of the user, if they've left then bingo delete it, if not leave it disabled, and always say in the email that if you dont hear anything back within 2 weeks then the account WILL be deleted (otherwise you know they will ignore your email).
Browse more Questions and Answers on Microsoft Windows.
Looking for relevant Microsoft Windows Whitepapers? Visit the SearchWinIT.com Research Library.
Discuss This Answer
You must be logged-in to discuss a question. Log-in/Register
Wrobinson | Apr 20 2008 7:12AM GMT
You may be able to cross-reference some of the accounts with human resources for terminated employees. It is important to consider that all of the domain controllers in the environment must be polled to determine the last log on time for a user. There are some tools that can automate the process such as DumpSec (http://www.somarsoft.com).
