How to find and disable inactive users in Active Directory

Objective

Inactive Active Directory accounts pose a significant security vulnerability in every environment, as they are often forgotten and can be exploited for unauthorized access, leading to severe data breaches. Manually tracking inactive accounts in Active Directory is inefficient and error-prone. ADManager Plus transforms this complex task into a simple and automated process, helping admins clean up their Active Directory in minutes.

Steps to track inactive users

Finding stale accounts is the first step in the cleanup process. You can use ADManager Plus' inactive users report to instantly identify all inactive Active Directory users.

1. Log in to ADManager Plus.
2. Navigate to Reports > User Reports > Logon Reports > Inactive Users.
3. Select the domain and OUs that you would like to scan.
4. Specify the inactivity period that you would like to track.
5. Click Generate.
6. If you would like to filter the results, check the Exclude Never Logged On Users or Exclude Disabled Users option.

   

In seconds, you will have a comprehensive list of all inactive Active Directory users, with details such as their last logon time, distinguished name, and more.

Steps to disable inactive users

Once the report is generated, ADManager Plus allows you to take immediate action directly from the results. Manage stale accounts individually or in bulk using ADManager Plus' on-the-fly management capabilities, making the initial cleanup process quick and efficient.

1. From the generated Inactive Users report, select the user accounts you wish to manage by checking the boxes next to their names.
2. Click the Disable icon located above the report list to disable the selected users.
3. You can also delete, move, or perform other cleanup actions instantly by clicking the desired icons.

   

Steps to automate the entire cleanup process

You can also choose to automate the entire process by continuously tracking inactive accounts in Active Directory and managing them based on your organization's policies.

1. Navigate to the Automation tab.
2. Click on +Create New Automation.
3. Provide a suitable name and description for the automation.
4. Under Tasks to automate, select the follow-up task to be performed on the inactive users. For example, if you would like to disable inactive users in your Active Directory, select the Disable Users option.
5. In the From Report drop-down, go to Logon Reports and select Inactive Users.
6. Define the inactivity period and click OK.
7. Schedule the automation to run at regular intervals and click Save.

   

By implementing this automation, you ensure your Active Directory remains secure and clean without requiring any recurring manual effort, allowing your IT team to focus on more critical tasks.