Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Report Dormant Accounts in Active Directory

varunpuri
Regular Contributor
Regular Contributor

‎05/02/2023 10:59 AM

Hi,

We have a requirement to find out and report dormant accounts in Active Directory, i.e. such accounts which are still in active state but have not been used for a specified number of days eg : 60 days.

Which can be the best possible attribute of Active Directory to find out such accounts. Would lastLogonDate/lastLogonTimestamp be an appropriate attribute to find out such accounts ?

Best Regards,
Varun

Labels:
0 Kudos
2 REPLIES 2

GKA
New Contributor
New Contributor

‎05/02/2023 12:33 PM

lastlogontimestamp would be the most accurate
https://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attri...

0 Kudos

varunpuri
Regular Contributor
Regular Contributor
In response to GKA

‎05/03/2023 05:15 AM

@GKA - For Service Accounts, lastlogontimestamp is not an appropriate attribute because a Service Account is non interactive. Can you please suggest something for Service Accounts.

0 Kudos
Copyright © 2024 Khoros, LLC