never logged in accounts in AD

For what purposes may an Active Directory account have never logged on to the domain, but still be serving a specific purpose? We have a report of accounts that have never logged into the domain, and IT are considering disabling some, but can an account that has never logged in before still be doing "something", and thus shouldn't be disabled? Please share your views on what that "something" could be.
pma111 Asked:
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
I would not rely in this case on the lastLogon or lastLogonTimestamp attribute; as you said, an account may be used in a different way and does not have to be used to log on to any server.
In this case I would check pwdLastSet and whenCreated attributes.

Sometimes it may be the same date and time, with password never expires set, but then you should know whether this is still used in the environment or not.

Regards,
Krzysztof
 
pma111 (Author) Commented:
>>as you said, an account may be used in a different way and does not have to be used to log on to any server.


Can you provide some examples?
 
netballi Commented:
I say, no need to keep them, just delete them, as they simply pose a security risk.

Even if the account is a service account, if it has never logged in then it is not doing much for the application that needs it.  

Let your IT delete them.
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
As an example, some services may be set up on that account, which is not allowed to log on to the system but may be running on it.

Krzysztof
Question has a verified solution.
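
One way to apply the check suggested in the thread (compare pwdLastSet with whenCreated for accounts that have no lastLogonTimestamp, and note whether the password never expires), as an added example that is not part of the original thread. The function name `Get-NeverLoggedOnTriage`, the 5-minute tolerance, the extra SPN column and the sample records are assumptions made for illustration.

```powershell
# Added example (not from the thread). Function name, tolerance and sample data are assumptions.
function Get-NeverLoggedOnTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Account,
        # Assumption: a password set within this many minutes of creation was never changed.
        [int]$ToleranceMinutes = 5
    )
    process {
        # Only report accounts with no recorded logon (attribute empty or 0).
        if ($Account.lastLogonTimestamp) { return }
        $created = $Account.whenCreated
        $pwdSet  = $Account.PasswordLastSet   # DateTime view of pwdLastSet; $null if never set
        $note = if (-not $pwdSet) {
            'Password never set'
        } elseif (($pwdSet - $created).Duration().TotalMinutes -le $ToleranceMinutes) {
            'Password unchanged since creation: confirm with the owner whether it is still used'
        } else {
            'Password changed after creation: the account has been maintained'
        }
        [pscustomobject]@{
            SamAccountName       = $Account.SamAccountName
            Enabled              = $Account.Enabled
            WhenCreated          = $created
            PasswordLastSet      = $pwdSet
            PasswordNeverExpires = [bool]$Account.PasswordNeverExpires
            HasSpn               = [bool]$Account.servicePrincipalName  # added check: SPN registered
            Note                 = $note
        }
    }
}

# Constructed sample records (not real accounts), shaped like Get-ADUser output.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true; lastLogonTimestamp = $null; servicePrincipalName = @('MSSQLSvc/db01.example.test:1433')
        whenCreated = [datetime]'2019-03-01 09:00'; PasswordLastSet = [datetime]'2019-03-01 09:01'; PasswordNeverExpires = $true }
    [pscustomobject]@{ SamAccountName = 'svc-report'; Enabled = $true; lastLogonTimestamp = $null; servicePrincipalName = @()
        whenCreated = [datetime]'2018-06-10 14:00'; PasswordLastSet = [datetime]'2022-11-02 08:30'; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'jsmith'; Enabled = $true; lastLogonTimestamp = 132000000000000000; servicePrincipalName = @()
        whenCreated = [datetime]'2017-01-05 10:00'; PasswordLastSet = [datetime]'2023-01-05 10:00'; PasswordNeverExpires = $false }
)
$sample | Get-NeverLoggedOnTriage | Format-Table -AutoSize

# Live use (requires the ActiveDirectory module):
# Get-ADUser -LDAPFilter '(!(lastLogonTimestamp=*))' -Properties lastLogonTimestamp,whenCreated,PasswordLastSet,PasswordNeverExpires,servicePrincipalName | Get-NeverLoggedOnTriage
```

The output is a review list for the account owners, not a deletion list: `jsmith` is skipped because a logon is recorded, and the two `svc-` rows are the ones to confirm before disabling.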
