Active Directory (AD) users’ IDs that have not been used for extended periods of time pose a threat to any organization, as these IDs could be used to gain illegal access to the network.  Most security policies and compliance regulations also mandate that Active Directory user accounts be disabled after a certain period of inactivity. The most common reason for the existence of inactive accounts are administrators not being notified or forgetting to disable accounts when employees leave an organization.

LT Auditor+ for Windows Assessment can quickly scan for and track inactive users in your Active Directory environment. A detailed report can be generated as shown below:

Users who've not logged in for 90 days

Benefits of scanning and monitoring for inactive user accounts with LT Auditor+

  1. Mitigating backdoor attacks and insider threats by ensuring that prior employee IDs are not used by disgruntled employees who have left the organization.
  2. Meeting compliance requirements from SOX, PCI-DSS, HIPAA, FFIEC, and NIST by demonstrating vigilance in scanning for such activity.

After discovering user IDs that need to be disabled, security administrators can run the LT Auditor+ AD User Accounts Enable/Disabled report to validate that these accounts were actually disabled. This is a great report to with which provide HR and compliance teams in order to document that specified Active Directory user accounts were disabled and, furthermore, to demonstrate that IT processes were followed.

User account - Enabled/Disabled Report

About LT Auditor+

LT Auditor+ is a suite of applications that provide real-time monitoring and auditing of Windows Active Directory and Windows Servers changes. The application audits-tracks-reports on Windows Active Directory, Windows Workstations Logon/Logoff, Windows File Servers, and Member Servers to help meet security, audit, and compliance demands or requirements. Track authorized/unauthorized access of users’ Logon/Logoff, GPO, Groups, Computer, OU, and DNS server changes with over 300 detailed event-specific reports and real-time email alerts. Reports generation can be automated, scheduled, and exported to multiple formats like PDF, Excel, HTML, and CSV that further assist with a forensic investigation.