How to clean up dormant accounts in Active Directory

Inactive or dormant Active Directory accounts can serve as a gateway for attackers. Learn how to identify and clean up inactive Active Directory accounts in this Identity Management and Access Control Ask the Expert Q&A.

Joel Dubin

How can I identify and clean up unused or dormant accounts in Active Directory?

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Attackers looking to break into your network love stale accounts that have been sitting patiently and quietly in Active Directory (AD). These accounts may be from users who have left the company, or have moved to other positions and no longer need the access granted by their old accounts. They can sit unnoticed by your system administrators until a hacker masquerading as an employee who just hasn't logged on in ages brings them back from the dead.

Performing regular audits of Active Directory will help you identify unused accounts. Once you find them, disable them to help lower the security risk. Unfortunately, that won't eliminate risk because even a disabled account can be revived by a determined intruder. However, Windows Server 2003 does have a command line tool, dsquery, and a GUI in the AD Users and Computers snap-in, that can locate all disabled users in a domain. Once found, you can delete these accounts, either manually or by writing a custom script.

For unused accounts that have not been disabled, the AD Users and Computers snap-in has a Saved Queries interface. You can look for accounts that haven't be active for a fixed number of days – a number that may already be defined in your IT security policy – and then either notify the errant users to see if they're still active, or simply delete them

Dig Deeper on Privileged access management

Fighting fit: The ODI on courting startups to use open data to get the UK moving The Open Data Institute is aiming to change the fact that millions of people in the UK are inactive, and is using open data and startups to help engage citizens to exercise.

Komprise unveils data management platform Komprise's data management platform appears as an NFS or SMB client. It crawls storage and points inactive file storage at object-based storage.

Win10 Lockscreen Images Unlocked Win10 lockscreen images appear when the OS starts up, or when inactivity turns off the display. Here's how to access and see or use those images elsewhere.

cold storage Cold storage is a computer system designed for retaining inactive data, such as information required for regulatory compliance, at low cost and high efficiency.

Infinite io storage controller accelerates NAS filers Startup infinite io launched a network-based storage controller that boosts performance on NAS filers and also moves inactive data to the cloud.

Infinite io releases NAS accelerator, cloud device Startup infinite io launched a network-based storage controller that boosts performance on NAS filers and also moves inactive data to the cloud.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

More on this topic

Please create a username to comment.

McAfee launches security tool Mvision Cloud for Containers

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

Transforming operations for successful cloud adoption

IT workforce skews younger, says analysis of US data

Top edge computing trends to watch in 2020

How to shut down and restart a remote computer

Setting up Windows 10 kiosk mode with 4 different methods

Microsoft extends Office 365 benefit to nonprofit volunteers

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

Alarm bells ring, the IoT is listening

New government faces calls to urgently deliver on pre-election pledge to review IR35 reforms

Future fashion: does that dress come in digital?

More on this topic

Related Resources

Dig Deeper on Privileged access management

Related Q&A from Joel Dubin

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.