What would your definition of "unauthorized user accounts " in an AD environment? Can you provide an example of the types of accounts and parameters that would flag up such accounts? Out of interest, is there any easy way to list just for domain accounts whose passwords dont exprie - a last login date if it was >50 days ago.
So all domain accounts with password doesnt expire = yes. And last login date.
What procedures do you follow and how often to identify inappropriate user accounts?