With so many compliance regulations requiring controls over inactive users, it is important to ensure that these user accounts in Active Directory are correctly managed. There are significant security risks associated with leaving inactive users enabled or available (or both) in Active Directory.
In a previous blog on tracking down inactive users in Active Directory, I explained how you can leverage ADManager Plus to accomplish this task. However, I did not go over how to leverage the automation portion of ADManager Plus to complete this task.
Manually checking and controlling inactive users is a good approach. But an automated approach is much better, as administrators spend much more time ensuring that servers and applications are available than they do ensuring that inactive users are controlled.
When using a tool such as ADManager Plus, automating control over inactive users is a snap. In reality, the automation portion simply leverages ADManager Plus reports, which are highlighted in the blog mentioned above. Figure 1 illustrates how to leverage the built-in reports to create an automation that controls the inactive users.
Figure 1. Automation leveraging the Inactive Users report to control the inactive users.
As you can see, the automation simply leverages an automation policy (which performs the actions) and a report (which discovers the users). The automation policy is just as simple to create, which is shown in Figure 2.
Figure 2. Automation policy defines the actions that need to be performed.
With the report, automation policy, and automation in place, the inactive users are automatically disabled and quarantined at 5 a.m. every morning.
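
For readers who want to see the same report-then-policy logic spelled out, here is an added example (not ADManager Plus code and not from the original post) using the Microsoft ActiveDirectory PowerShell module. The 90-day threshold and the quarantine OU distinguished name are assumptions, since the post does not state either.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed inactivity threshold; the post does not give one.
    [int]$InactiveDays = 90,
    # Placeholder DN for the quarantine OU; replace with your own.
    [string]$QuarantineOU = 'OU=Quarantine,DC=example,DC=com'
)

# "Report" step: user accounts with no logon inside the window.
# Skip accounts that are already disabled or already quarantined so
# repeated runs do not touch them again.
$window   = New-TimeSpan -Days $InactiveDays
$inactive = Search-ADAccount -AccountInactive -UsersOnly -TimeSpan $window |
    Where-Object { $_.Enabled -and $_.DistinguishedName -notlike "*,$QuarantineOU" }

# "Policy" step: disable the account, record its original location in the
# description so it can be restored, then move it to the quarantine OU.
foreach ($user in $inactive) {
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Disable and quarantine')) {
        $stamp = Get-Date -Format 'yyyy-MM-dd'
        $note  = "Quarantined $stamp; was $($user.DistinguishedName)"

        Disable-ADAccount -Identity $user.ObjectGUID
        Set-ADUser        -Identity $user.ObjectGUID -Description $note
        Move-ADObject     -Identity $user.ObjectGUID -TargetPath $QuarantineOU

        # Emit one record per account for logging or review.
        [pscustomobject]@{
            User   = $user.SamAccountName
            Action = 'Disabled and moved'
            Note   = $note
        }
    }
}
```

Run it with `-WhatIf` first to list the accounts it would act on without changing anything, then schedule it for 5 a.m. to mirror the automation described above.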