The dsquery command line tool searches for AD objects according to the specified criteria. After a certain period, they can be deleted forever.įor this purpose, you can use either the Command Prompt or professional Active Directory cleaning solutions.įinding inactive accounts, and disabling or deleting them can be performed using the command prompt, by using the following command line tools: Such accounts can be disabled after moving them all to a single OU. It is recommended that you first find out all the inactive accounts. After that period, computer/user accounts can be considered as inactive. Most of the organizations have a well-defined policy to deal with such obsolete accounts.ĭepending on the situations prevailing in the organization, one can decide on the maximum inactivity period that can be allowed for the AD accounts. When AD accounts are not used for long periods, they need to be disabled and finally deleted. Active Directory administrators are very much aware of the security threats posed by inactive computer/user accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |