The power of automation can help any organization get a better handle on Active Directory and on the overall security of their Windows environment. Unused user accounts that are left in Active Directory can be compromised, leaving security holes in your environment. Being able to search for and disable these user accounts on an ongoing basis closes those holes. However, some unused user accounts might actually be service accounts that need to remain enabled to ensure they are available when needed. The question is, how can you run such powerful automations while still omitting those specific accounts? The answer is ADManager Plus!
First, ADManager Plus provides an easy way to generate lists of user accounts that have not been used in any given period of time, as specified by you. Figure 1 illustrates the ability to alter the time frame for which you want to view users that have not logged in.
Figure 1. The ability to view unused accounts based on various time frames.
In order to correctly “secure” these unused user accounts, it would be best to not only disable them, but to move them to a secured organizational unit (OU). ADManager Plus lets you perform that multi-step function with a feature called Automation Policy, which you can see in Figure 2.
Figure 2. ADManager Plus provides multiple step functions during automations.
Finally, since all service accounts need to be omitted from this automation function, how can this be accomplished? With ADManager Plus, you do this by configuring a refinement to eliminate all user accounts that contain “srv” in the name. If your service accounts share other attributes or characteristics, you can refine the omission of these accounts based on those characteristics. Figure 3 illustrates what this refinement would look like.
Figure 3. Refinement to exclude service accounts from an automation.
With these powerful yet simple configurations, you can establish a scheduled (hourly, daily, weekly, monthly, etc.) automation to secure your unused user accounts without disrupting any service account functions. To test ADManager Plus for yourself, download a free trial from here today.
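For comparison, the same three steps (find inactive users, leave out names containing "srv", then disable and move to a secured OU) can be sketched with Microsoft's ActiveDirectory PowerShell module. This is an added example, not ADManager Plus code or output; the 90-day threshold, the OU path, the `-Apply` switch and the `Select-QuarantineCandidate` helper are assumptions chosen for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example: every default below is a placeholder, adjust for your domain.
param(
    [int]$InactiveDays = 90,                                        # assumed threshold
    [string]$QuarantineOU = 'OU=Disabled Users,DC=example,DC=com',  # placeholder secured OU
    [string]$ServicePattern = 'srv',                                # naming convention from the article
    [switch]$Apply                                                  # without it, every change runs as -WhatIf
)

# Hypothetical helper: a pure filter, so the exclusion logic can be reviewed
# and exercised without touching a domain controller.
function Select-QuarantineCandidate {
    param([object[]]$Accounts, [string]$Pattern, [string]$TargetOU)
    $Accounts | Where-Object {
        $_.Enabled -and                                  # skip accounts already disabled
        $_.SamAccountName -notlike "*$Pattern*" -and     # service-account exclusion
        $_.Name -notlike "*$Pattern*" -and
        $_.DistinguishedName -notlike "*,$TargetOU"      # skip accounts already quarantined
    }
}

# -AccountInactive relies on lastLogonTimestamp, which replicates lazily
# (up to about 14 days behind by default), so keep the threshold well above that.
$inactive = Search-ADAccount -AccountInactive -UsersOnly `
    -TimeSpan (New-TimeSpan -Days $InactiveDays)
$candidates = @(Select-QuarantineCandidate -Accounts $inactive `
    -Pattern $ServicePattern -TargetOU $QuarantineOU)

foreach ($user in $candidates) {
    # Record the original location so the account can be restored if needed.
    $note = "Disabled for inactivity $(Get-Date -Format 'yyyy-MM-dd'); was $($user.DistinguishedName)"
    Set-ADUser      -Identity $user.ObjectGUID -Description $note       -WhatIf:(-not $Apply)
    Disable-ADAccount -Identity $user.ObjectGUID                        -WhatIf:(-not $Apply)
    Move-ADObject   -Identity $user.ObjectGUID -TargetPath $QuarantineOU -WhatIf:(-not $Apply)
}

# Emit the affected accounts for the change log or ticket.
$candidates | Select-Object SamAccountName, LastLogonDate, DistinguishedName
```

A name-based exclusion is only as reliable as the naming convention, so review the dry-run output for service accounts that do not contain "srv" before running with `-Apply`.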