asked on
unused but disabled accounts risk - AD
Is there any real risk associated in leaving accounts in AD in a disabled state over a long period of time. Either where account enabled = FALSE, or a historic account expires date has been set and therefore taken effect. I have found a batch of these accounts during a review, often with no login activity in a few years either, which I want to suggest are deleted, but I am not sure how much risk there is in leaving such objects in place. Can you think of anything in particular why this is a poor practice, from a general maintenance or security perspective ? Or does it pose no real risk whatsoever?
SecurityActive DirectoryWindows OS
Last Comment
DEMAN-BARCELO (MVP) Thierry
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.