Identify Unused Active Directory User Accounts With AD Tidy
Monday, November 14, 2011
Over time, Active Directory (AD) can accumulate many unused user and computer accounts. This creates unnecessary clutter in the existing OUs (Organizational Units) and in AD itself. These vacant accounts can also become a security loophole if they are not kept disabled, as a redundant account (such as an old employee’s account) can be activated to extract company data. Even disabled user accounts in Active Directory can create problems in sorting and managing OUs.
AD Tidy is a handy application for identifying redundant user accounts. You can search Active Directory domain users to find unwanted accounts and perform the required tasks, such as disabling, removing, and moving user accounts.
To identify unwanted accounts, click Edit Search Settings and choose your criteria. You can search user/computer accounts, exclude/include disabled accounts, search for accounts by login date, include accounts that have never logged in, restrict the search to a specified container, etc.
Once you have configured the settings, click Search. AD accounts will appear in the search result with relevant information that will help you identify unwanted accounts. The screenshot below displays a search result for disabled accounts. All disabled accounts are marked as “Yes” in the Disabled accounts field.
Once an account has been identified, you can use the drop-down menu to select an action and then click the Perform Action or Perform Multiple Actions option to execute the relevant task(s). These tasks include deleting or moving the user, setting a description for the user, setting an account expiration date and deleting its home drive.
It works on Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008.
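The same search criteria (login date, never-logged-in accounts, disabled accounts, a specific container) expressed with the ActiveDirectory PowerShell module, as an added example that is not part of AD Tidy or the original post. The function name `Get-StaleADUser`, the 90-day threshold and the OU path are assumptions chosen for illustration.

```powershell
# Added example, not part of AD Tidy. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-StaleADUser {            # hypothetical helper name
    [CmdletBinding()]
    param(
        [int]$InactiveDays = 90,      # login-date threshold (assumed value)
        [string]$SearchBase,          # optional: restrict the search to one container
        [switch]$IncludeDisabled,     # also list accounts that are already disabled
        [switch]$IncludeNeverLoggedOn # also list accounts with no recorded logon
    )

    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    $query  = @{
        Filter     = '*'
        # LastLogonDate is derived from lastLogonTimestamp, which is replicated
        # but can lag the real logon by up to about 14 days by default.
        Properties = 'LastLogonDate', 'whenCreated', 'Description'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADUser @query | Where-Object {
        ($IncludeDisabled -or $_.Enabled) -and (
            ($_.LastLogonDate -and $_.LastLogonDate -lt $cutoff) -or
            # Never logged on: ignore accounts newer than the cutoff, they may
            # belong to new starters who have not signed in yet.
            ($IncludeNeverLoggedOn -and -not $_.LastLogonDate -and
                $_.whenCreated -lt $cutoff)
        )
    } | Select-Object SamAccountName, Enabled, LastLogonDate, whenCreated, DistinguishedName
}

# Report first and review the list before acting on it.
$stale = Get-StaleADUser -InactiveDays 90 -IncludeNeverLoggedOn `
    -SearchBase 'OU=Staff,DC=example,DC=com'   # placeholder OU, replace with your own
$stale | Sort-Object LastLogonDate | Format-Table -AutoSize

# Disable and label instead of deleting, so the change is reversible.
# -WhatIf only previews the change; remove it once the list has been reviewed.
foreach ($u in $stale) {
    Set-ADUser -Identity $u.DistinguishedName -WhatIf `
        -Description "Disabled as stale on $(Get-Date -Format yyyy-MM-dd)"
    Disable-ADAccount -Identity $u.DistinguishedName -WhatIf
}
```

Service accounts and accounts used only for non-interactive access can look inactive by this measure, so check the report against known exceptions before disabling anything.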
Thanks for sharing this information about this tool, but I tried this Active Directory cleanup tool (http://www.lepide.com/active-directory-cleaner/) to identify unused or old user and computer accounts from the Active Directory environment, manage inactive accounts and move them to another OU.