{"id":320,"date":"2016-05-04T08:01:10","date_gmt":"2016-05-04T08:01:10","guid":{"rendered":"http:\/\/blog.anakage.co.in\/?p=320"},"modified":"2022-01-17T09:46:38","modified_gmt":"2022-01-17T09:46:38","slug":"how-to-find-inactive-users-in-active-directory","status":"publish","type":"post","link":"https:\/\/www.anakage.com\/blog\/how-to-find-inactive-users-in-active-directory\/","title":{"rendered":"How to find inactive users in Active Directory"},"content":{"rendered":"<p style=\"text-align: justify; padding-left: 30px;\"><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/p4cdn4static.sharpschool.com\/UserFiles\/Servers\/Server_1448531\/Image\/Staff%20Images\/Facilities\/image_maintenance.png\" \/><\/p>\n<p style=\"text-align: justify; padding-left: 30px;\">In a large organization with many employees, groups, devices an inactive account can become security and auditing nightmare. Normally established company policies take care of de provisioning a account when it is not needed but a extra check on the part of administrator would always be a pro active step .<\/p>\n<p>Generally,\u00a0admins mostly use\u00a0Get -AdUser\u00a0filter for finding the user accounts. There are many ways to query the active directory database for user accounts. One of them is Search -ADAccount to get details about the user accounts, computers and service accounts. We will see flavors of Search -ADAccount to find various kinds of inactive users.<\/p>\n<p><strong>To Find\u00a0Password Expired Accounts<br \/>\n<\/strong>Once password expires for an account it is unusable until password is changed. Finding such accounts in Active Directory could be an indicator of a stale account. We can use &#8211;\u00a0<strong>Search -AdAccount -PasswordExpired\u00a0\u2013UsersOnly<\/strong><\/p>\n<p>Here &#8220;UsersOnly&#8221; is a switch used to extract only user accounts instead of all computers as well as service accounts.<\/p>\n<p><strong>To Find Inactive Accounts<br \/>\n<\/strong>Search-AdAccount alleviates Get -AdAccount hassles\u00a0by giving\u00a0the -AccountInactive\u00a0parameter. By using a\u00a0TimeSpan\/DateTime\u00a0object as the parameter argument, age can be specified for the query. \u00a0Using the AD attribute\u00a0LastLogonDate\u00a0&#8212; which is a friendly version of\u00a0LastLogonTimestamp\u00a0Search-AdAccount &#8212; can easily give you a view of all those stale accounts.\u00a0For example, to find all accounts that haven&#8217;t been active in 30 days<\/p>\n<p>Syntax:-\u00a0<strong>Search-AdAccount -AccountInactive -Timespan 30.00:00:00 -UsersOnly<\/strong><\/p>\n<p><strong>To Find Disabled\/LockedOut Accounts<br \/>\n<\/strong>Finding disabled accounts is a cinch with Search-AdAccount.<\/p>\n<p>Syntax: &#8211;\u00a0<strong>Search -AdAccount -AccountDisabled -UsersOnly<\/strong><\/p>\n<p>These commands will only help you to identify inactive user accounts but it is your job to verify whether they are actually inactive for valid reason. Somebody might be at client place or might have gone to sabbatical. In any case being aware is better than ignorance.<\/p>\n<p><strong><em>With Anakage intelligent training\u00a0technology it is easier to learn these concepts . It guides you step by step on\u00a0your system. Above topic being discussed is also part of our \u201cLearning Application\u201d\u00a0for Windows Active Directory. If you want to evaluate it let us know by sending a mail to us at <a href=\"mailto:enterprise@anakage.in\">enterprise@anakage.in<\/a> . You can know more about our <a href=\"http:\/\/anakage.in\/Real%20time%20training%20on%20SAP%20Oracle%20Excel%20Salesforce%20Service%20Now%20-%20Anakage.html\" target=\"_blank\" rel=\"noopener\">offering for training<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a large organization with many employees, groups, devices an inactive account can become security and auditing nightmare. Normally established [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":351,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_themeisle_gutenberg_block_has_review":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5],"tags":[],"coauthors":[91],"class_list":["post-320","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-training"],"views":299,"jetpack_featured_media_url":"https:\/\/www.anakage.com\/blog\/wp-content\/uploads\/2016\/05\/activedir.jpg","jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/posts\/320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/comments?post=320"}],"version-history":[{"count":0,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/posts\/320\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/media\/351"}],"wp:attachment":[{"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/media?parent=320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/categories?post=320"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/tags?post=320"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.anakage.com\/blog\/wp-json\/wp\/v2\/coauthors?post=320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}