and more in a single search tool across platforms. Read the announcement here. |
05/02/2023 10:59 AM
Hi,
We have a requirement to find out and report dormant accounts in Active Directory, i.e. such accounts which are still in active state but have not been used for a specified number of days eg : 60 days.
Which can be the best possible attribute of Active Directory to find out such accounts. Would lastLogonDate/lastLogonTimestamp be an appropriate attribute to find out such accounts ?
Best Regards,
Varun
05/02/2023 12:33 PM
lastlogontimestamp would be the most accurate
https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attri...
05/03/2023 05:15 AM
@GKA - For Service Accounts, lastlogontimestamp is not an appropriate attribute because a Service Account is non interactive. Can you please suggest something for Service Accounts.