Free Tool of the Week: Automatically Track Inactive User Accounts


Jason Bovberg

April 7, 2011

2 Min Read

Do your corporate security policies and compliance regulations require that Active Directory (AD) user accounts be disabled after a certain period of inactivity? It's good security practice, and doing so keeps AD clean and organized.

When an employee leaves your organization, you need to disable that user account. In a perfect world, that would happen the moment the employee walks out the door. In the real world, though, it might be weeks or even years before you realize that you forgot to delete that account. Or perhaps you're not even aware that this person left!

Consider also that HR might only keep information about "primary" user accounts and be unaware of additional user accounts lurking in the system. What if someone creates a user account and leaves it untouched for long periods of time—in the interest of performing some kind of malicious activity?

Inactive Users Tracker lets you automate the management of inactive user accounts. The program periodically checks all user accounts in specified domains and reports all accounts that have been inactive for more than a specified number of days.

Some of the benefits:

  • Checks all users, and reports those that have been inactive for a specified number of days

  • Automatically deactivates inactive user accounts, by disabling them, setting a random password, moving them to another OU, or finally deleting them

  • Sends notifications to managers about their inactive direct reports

  • Can send reports to IT auditors to ensure regulatory compliance (e.g., SOX, HIPAA, SAS-70)

To detect inactivity, the tool checks every user account's lastLogon and lastLogonTimestamp attributes, which represent the last time a user was authenticated by a specific DC. AD doesn't replicate these attributes; as a result, the values will be different on each DC. Inactive Users Tracker handles this correctly: It queries all DCs in the domain and uses the most recent logon time, sometimes called the "true last logon."
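The "true last logon" approach described above, written out as an added PowerShell example (it is not the article's or the product's code). It assumes the RSAT ActiveDirectory module, read access to the current domain, and a 90-day threshold; it only reports, and leaves disabling, moving or deleting to a reviewed process.

```powershell
# Added example: compute each enabled user's most recent logon across all DCs
# and list accounts idle longer than $InactiveDays. Report only.
param(
    [int]$InactiveDays = 90,
    [string]$Domain = (Get-ADDomain).DNSRoot   # assumption: current domain
)
Import-Module ActiveDirectory

$nowUtc   = (Get-Date).ToUniversalTime()
$cutoff   = $nowUtc.AddDays(-$InactiveDays)
$lastSeen = @{}   # sAMAccountName -> newest logon time (UTC) seen on any DC

# lastLogon is never replicated, so it has to be read from every DC.
# lastLogonTimestamp is replicated, but only rewritten when the stored value
# is older than msDS-LogonTimeSyncInterval (14 days by default), so on its own
# it can lag the real last logon by up to two weeks.
foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
    $users = Get-ADUser -Filter 'Enabled -eq $true' -Server $dc.HostName `
                        -Properties lastLogon, lastLogonTimestamp
    foreach ($u in $users) {
        $times = foreach ($ft in @($u.lastLogon, $u.lastLogonTimestamp)) {
            # FILETIME 0 or null means "never logged on via this DC"
            if ($ft -and $ft -gt 0) { [DateTime]::FromFileTimeUtc($ft) }
        }
        if (-not $times) { continue }
        $best = $times | Sort-Object -Descending | Select-Object -First 1
        $key  = $u.SamAccountName
        if (-not $lastSeen.ContainsKey($key) -or $best -gt $lastSeen[$key]) {
            $lastSeen[$key] = $best
        }
    }
}

# Accounts that never logged on anywhere fall back to whenCreated, so a
# created-and-forgotten account still shows up once it is old enough.
$report = foreach ($u in Get-ADUser -Filter 'Enabled -eq $true' -Server $Domain `
                                    -Properties whenCreated) {
    $seen = if ($lastSeen.ContainsKey($u.SamAccountName)) {
        $lastSeen[$u.SamAccountName]
    } else {
        $u.whenCreated.ToUniversalTime()
    }
    if ($seen -lt $cutoff) {
        [pscustomobject]@{
            User          = $u.SamAccountName
            TrueLastLogon = $seen
            IdleDays      = [int]($nowUtc - $seen).TotalDays
        }
    }
}
$report | Sort-Object IdleDays -Descending | Format-Table -AutoSize
```

Service and shared accounts that authenticate only via Kerberos with cached credentials, or through applications that never touch a DC, can look idle here; review the list before acting on it.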

You can watch a demo of the product here.
