Find redundant AD accounts
I have recently inherited a lovely job from many of my predecessors, of clearing all the accounts out of AD.
We currently use a lovely piece of software called User Management Resource Administrator (UMRA), to manage the Rolling on and off of Student accounts. And my bosses want this extending to the Staff.
My first stage in the data cleansing is to remove all the reduntant accounts (this process being more urgent, as we are approaching UMRA's licence limit of 25000 AD objects).
What I want to do, is audit all accounts in AD and find ones which have not been used in over 12 months?
Is there a "Last Authenticated" attribute that I can use (UMRA can audit AD/LDAP attributes). My reason behind using last authenticated and not last logon, is that I don't want to accidentally delete service accounts, as over the years, I am sure there will be ones that have not been documented and thier removal will cause random systems to fall over.
Thanks in advance :cool: