matthew_pahls
Lookout

Service Accounts


At what point do you consider an account dormant and disable it? What are you using to determine if an account is not being used?

1 Solution

Accepted Solutions
mkscarberry
Lookout

In AAD and AD, we check for last logged in. If >90 days, we disable the account. If after 90 days no one claims it, we move the account into OU=Disabled. After 366 days in OU=Disabled, we purge it.


2 Replies
aparker81
Deckhand III

Agreed. We take the same approach.

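The 90 / 90 / 366-day lifecycle from the accepted solution, as an added dry-run sketch in PowerShell; it is not code from the thread or its posters. The function name `Get-DormancyAction` and the fields `LastLogon`, `Created`, `DisabledOn` and `MovedOn` are hypothetical, and the sketch assumes your process records when an account was disabled and when it was moved, since AD does not track either date itself.

```powershell
# Added example: dry-run planner for the 90 / 90 / 366-day lifecycle in the answer above.
# Assumed fields (not from the thread): DisabledOn and MovedOn are dates your own
# process records, e.g. in a spare attribute; AD does not keep them for you.
# LastLogon maps to Get-ADUser's LastLogonDate, which is derived from the replicated
# lastLogonTimestamp and can lag the real logon by up to ~14 days by default.
function Get-DormancyAction {
    param(
        [Parameter(Mandatory)] $Account,
        [datetime] $Now = (Get-Date),
        [int] $InactiveDays = 90,    # last logon older than this -> disable
        [int] $ClaimDays    = 90,    # disabled and unclaimed this long -> move
        [int] $PurgeDays    = 366    # this long in OU=Disabled -> purge
    )
    if ($null -ne $Account.MovedOn) {
        if (($Now - $Account.MovedOn).TotalDays -ge $PurgeDays) { return 'Purge' }
        return 'None'
    }
    if ($null -ne $Account.DisabledOn) {
        if (($Now - $Account.DisabledOn).TotalDays -ge $ClaimDays) { return 'MoveToDisabledOU' }
        return 'None'
    }
    # An account that never logged on has no LastLogon; age it from creation instead
    # so it cannot stay enabled forever.
    $lastSeen = if ($null -ne $Account.LastLogon) { $Account.LastLogon } else { $Account.Created }
    if (($Now - $lastSeen).TotalDays -gt $InactiveDays) { return 'Disable' }
    return 'None'
}

# Constructed sample accounts (names and dates are made up for the example).
$now = [datetime]'2024-06-01'
$accounts = @(
    [pscustomobject]@{ Name='svc-backup'; Created=[datetime]'2021-03-01'; LastLogon=[datetime]'2024-05-20'; DisabledOn=$null; MovedOn=$null }
    [pscustomobject]@{ Name='svc-report'; Created=[datetime]'2021-03-01'; LastLogon=[datetime]'2024-01-15'; DisabledOn=$null; MovedOn=$null }
    [pscustomobject]@{ Name='svc-unused'; Created=[datetime]'2023-11-01'; LastLogon=$null; DisabledOn=$null; MovedOn=$null }
    [pscustomobject]@{ Name='svc-oldapp'; Created=[datetime]'2020-01-01'; LastLogon=[datetime]'2023-09-01'; DisabledOn=[datetime]'2024-02-01'; MovedOn=$null }
    [pscustomobject]@{ Name='svc-legacy'; Created=[datetime]'2019-01-01'; LastLogon=[datetime]'2022-10-01'; DisabledOn=[datetime]'2023-01-10'; MovedOn=[datetime]'2023-04-15' }
)

# Report only; wire each action to Disable-ADAccount, Move-ADObject or Remove-ADUser
# (with -WhatIf first) once the plan looks right.
$accounts | ForEach-Object {
    [pscustomobject]@{ Name = $_.Name; Action = (Get-DormancyAction -Account $_ -Now $now) }
} | Format-Table -AutoSize
```

Reviewing the resulting plan before acting gives account owners the chance to claim an account at each stage, which is the point of the staged timeline in the answer.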