Ask the Expert

How to clean up dormant accounts in Active Directory

How can I identify and clean up unused or dormant accounts in Active Directory?

    Requires Free Membership to View

Attackers looking to break into your network love stale accounts that have been sitting patiently and quietly in Active Directory (AD). These accounts may be from users who have left the company, or have moved to other positions and no longer need the access granted by their old accounts. They can sit unnoticed by your system administrators until a hacker masquerading as an employee who just hasn't logged on in ages brings them back from the dead.

Performing regular audits of Active Directory will help you identify unused accounts. Once you find them, disable them to help lower the security risk. Unfortunately, that won't eliminate risk because even a disabled account can be revived by a determined intruder. However, Windows Server 2003 does have a command line tool, dsquery, and a GUI in the AD Users and Computers snap-in, that can locate all disabled users in a domain. Once found, you can delete these accounts, either manually or by writing a custom script.

For unused accounts that have not been disabled, the AD Users and Computers snap-in has a Saved Queries interface. You can look for accounts that haven't be active for a fixed number of days – a number that may already be defined in your IT security policy – and then either notify the errant users to see if they're still active, or simply delete them.

More Information

This was first published in June 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: