Inactive Users for Active Directory Documentation information security software, active directory user management, inactive users, stale user accounts, search active directory, lastlogon date, active directory lastlogon, true lastlogon, move stale user accounts, disable stale user accounts, lastLogon, move inactive user accounts, disable inactive user accounts, search inactive users, find inactive users
order | download | documentationlicense

Google

Us Web

 

home
Server Maintenance Portal
ITPro ToolKit
Inactive Computers
Inactive Users
Change Passwords
Remote Shutdown 
System Comparison
   
Clients
Contact Us
About Us

Absolute Dynamics (energetic responses, ending with a positive solution)

energetic responses, ending in a positive solution

4835 Heathrow
Alvin, Texas 77511
281.650.1881

2001-2007
Absolute Dynamics
All Rights Reserved


  1. Introduction

  2. Requirements

  3. Installation

  4. Licensing and Registration

  5. Using Inactive Computers

  6. Scanning Active Directory for Inactive Computers

  7. Managing Inactive Computers

  8. Command Line Options

  9. Working with Multiple Domains

  10. Inactive Users for AD vs. Inactive Users 2003


Introduction

Inactive Users for Active Directory is Information Security Software that will scan Active Directory for inactive user accounts, then move or disable them.

  • Search Active Directory by name and/or container
  • Specify the number of days inactive
  • All domain controllers are scanned for Last Logon Date
  • Users that have never logged on are also identified
  • Easy to automate using command line parameters
Back to Top

Requirements

  • Windows XP or Server 2000/2003 is required on the system where Inactive Users for Active Directory is executed
  • Microsoft Directory Services is required.  All user accounts must be a member of the same Active Directory Domain.
  • Account Operator rights to Active Directory is required.
Back to Top

Installation

Copy the executable (INACTIVE-USERS.EXE) to a dedicated folder on your computer and launch it.

Back to Top

Licensing and Registration

Inactive Users for Active Directory (product) is licensed per Systems Administrator.   Please review the End User License Agreement for details.

To register Inactive Users for Active Directory, copy the registration file sent to you by Absolute Dynamics to the same folder as INACTIVE-USERS.EXE.  When the executable is launched, the product will automatically be registered.

Absolute Dynamics provides the following benefits to our customers:

  • E-mail support
  • Elimination trial version limitation
  • Additional licenses can be purchased at anytime
  • Input into the future design all Absolute Dynamics products
  • Free upgrades for the first year
Back to Top

Using Inactive Users for Active Directory

Inactive Users for Active Directory is very powerful.  USE WITH CAUTION!  Disabling users accounts will break domain logons.

Usage Tip:  Use this utility to move and disable inactive users to an empty container, then use Active Directory Users and Computers to delete the user accounts at a later date.

Back to Top

Scanning Active Directory for Inactive Users

By default, Inactive Users for Active Directory will search all users from the root of the current domain that you are logged on.

information security software, active directory user management, inactive users, stale user accounts, search active directory, lastlogon date, active directory lastlogon, true lastlogon, move stale user accounts, disable stale user accounts, lastLogon, move inactive user accounts, disable inactive user accounts, search inactive users, find inactive users

Search Filter: You can specify a user name (samAccountName) search filter in the first field above.  If you enter A, all usernames beginning with the letter A will be scanned.  If you enter *A, all usernames containing the letter A will be scanned.  By default all usernames are scanned.

Start Path: You can also change the start path of the search by selecting a container from the list.  The selected container and all sub-containers will be scanned for inactive users.

Days Inactive: Enter the number of days the user has been inactive. Each domain controller is scanned to determine the last logon date.  The last logon date is used to calculate the number of days since the last successful authentication.

Back to Top

Manage Inactive Users

Once you've found the list inactive users based on your search criteria.  You're presented with the following options: (click the graphic below to enlarge)

information security software, active directory user management, inactive users, stale user accounts, search active directory, lastlogon date, active directory lastlogon, true lastlogon, move stale user accounts, disable stale user accounts, lastLogon, move inactive user accounts, disable inactive user accounts, search inactive users, find inactive users

Remove from List: The selected user will be removed from the list.  It is not removed from Active Directory, just the list of users you are working with.  It's important to carefully review the list and remove users that you don't want processed.

Open CSV: Opens a CSV file containing the information in the list.

Move: Prompts for a destination container.  Moves all of the users in the list to the destination container.

Disable: Disables all of the user accounts in the list.

Enable: Enables all of the user accounts in the list.

Once an action is taken to Move, Disable or Enable, a status bar will keep you updated with the progress.  Once completed, a HTML report is displayed with the results.

Back to Top

Command Line Options

Inactive Users for Active Directory supports command line options and can be automated using a Task Scheduler.

information security software, active directory user management, inactive users, stale user accounts, search active directory, lastlogon date, active directory lastlogon, true lastlogon, move stale user accounts, disable stale user accounts, lastLogon, move inactive user accounts, disable inactive user accounts, search inactive users, find inactive users

Back to Top

Working with Multiple Domains

Inactive Users for Active Directory uses your existing credentials when searching, modifying or administering Active Directory user objects. To access other domains on your network, right click INACTIVE-USERS.EXE and perform a RunAs command against the executable, then specify the proper domain credentials.

Back to Top

Inactive Users for AD vs. Inactive Users 2003

Inactive Users for Active Directory was the original release and was written for a Windows 2000 Active Directory environment. It uses the lastLogon attribute to calculate the number of days inactive. This attribute is replicated across domain controllers. Therefore, each domain controller is scanned and the latest logon date is obtained to get the true last logon.

Inactive Users 2003 was written specifically for Active Directory running at a functional level of Windows 2003 (i.e. all domain controllers are running Windows 2003). Microsoft created a new attribute in this version of the Active Directory schema named lastLogonTimestamp. This attribute is replicated across domain controllers, therefore, only one has to be scanned. This design allows Inactive Users 2003 to run much faster.

Another important difference is that since lastLogonTimestamp is replicated, special safeguards needed to be put in place so that users that logged in repeatedly over a short period of time did not cause unnecessary replication traffic. For this reason, the lastLogonTimestamp is updated only if the last update occurred a week or more ago. This means that the lastLogonTimestamp attribute could be up to a week off in terms of accuracy with a user's actual last logon. Ultimately, this shouldn't be a problem for most situations because lastLogonTimestamp is intended to address the common problem where administrators want to run a query and determine which users have not logged in over the past 30 days or more. However, because of this you may see variations in the results of each version.

 Back to Top


inactive users | order| download | documentationlicense

information security software, active directory user management, inactive users, stale user accounts, search active directory, lastlogon date, active directory lastlogon, true lastlogon, move stale user accounts, disable stale user accounts, lastLogon, move inactive user accounts, disable inactive user accounts, search inactive users, find inactive users information security software, active directory user management, inactive users, stale user accounts, search active directory, lastlogon date, active directory lastlogon, true lastlogon, move stale user accounts, disable stale user accounts, lastLogon, move inactive user accounts, disable inactive user accounts, search inactive users, find inactive users