Identifying Unused Accounts

by Mitch Tulloch [Published on 11 July 2007 / Last Updated on 11 July 2007]

How to identify unused user accounts.

A company I know wanted to identify any user accounts belonging to users who had not logged onto the network for an extended period of time. After discussing several options, they came up with the following solution: use the DSQUERY computer -inactive NumberOfWeeks command to identify all machines that were not logged on to Active Directory during the specified NumberOfweeks.

Note that the command above should be used if your domain is running at the Windows Server 2003 functional level. If your domain still has Windows 2000 computers in it and is running in the mixed-mode functional level, use DSQUERY computer -stalepwd NumberOfDays instead.

***

Mitch Tulloch was lead author for the Windows Vista Resource Kit from Microsoft Press, which is THE book for IT pros who want to deploy, maintain and support Windows Vista in mid- and large-sized network environments. For more information see www.mtit.com.

Featured Links