Solved: Service Accounts

matthew_pahls · ‎Aug 08, 2022

At what point do you consider an account dormant and disable it? What are you using to determine if an account is not being used?

mkscarberry · ‎Aug 08, 2022

In AAD and AD, we check for last logged in. If >90 days, we disable the account. If after 90 days no one claims it, we move the account into OU=Disabled. After 366 days in OU=Disabled, we purge it.

View solution in original post

mkscarberry · ‎Aug 08, 2022

In AAD and AD, we check for last logged in. If >90 days, we disable the account. If after 90 days no one claims it, we move the account into OU=Disabled. After 366 days in OU=Disabled, we purge it.

aparker81 · ‎Jun 21, 2023

Agreed. We take the same approach.