I have recently inherited a lovely job from many of my predecessors, of clearing all the accounts out of AD.
We currently use a lovely piece of software called User Management Resource Administrator (UMRA), to manage the Rolling on and off of Student accounts. And my bosses want this extending to the Staff.
My first stage in the data cleansing is to remove all the reduntant accounts (this process being more urgent, as we are approaching UMRA's licence limit of 25000 AD objects).
What I want to do, is audit all accounts in AD and find ones which have not been used in over 12 months?
Is there a "Last Authenticated" attribute that I can use (UMRA can audit AD/LDAP attributes). My reason behind using last authenticated and not last logon, is that I don't want to accidentally delete service accounts, as over the years, I am sure there will be ones that have not been documented and thier removal will cause random systems to fall over.
Thanks in advance
Surely you will be able to see what is a service account and what is a user account from the name? true last login is all you will be able to do I think.
A simple way to do it would be to open AD, right click on 'Saved Queries' and then New Query.
In the window which opens up give it a name and then click 'Define Query'. In the box which opens up click the box next to 'Days Since Last Logon:'. You have a choice of 30, 60, 90, 120 or 180 days.
I'm affraid it doesn't go to 12 months but surely someone not using an account in 6 months is probably a dormant account.
Click ok, then run the query.
Just looking at this again, you could probably then export the query to an xml file, edit the xml so it looks at 360 days and then import it back in as a new query.
ranj (19th March 2010)
I used a program to few weeks ago to check the last logins of users!! for the life of me cant remember what it was called!! but I managed to remove over 400 old user accounts!!!
Thanks Guys, will give that a try.
Dovestones tools are on my list to trial in the future I think, as we are finding UMRA quite expencive. It is very powerful tho!
There are currently 1 users browsing this thread. (0 members and 1 guests)