Finding and disabling inactive accounts (Network Steve Forum)

Finding and disabling inactive accounts

As part of PCI DSS verification I have run a query in AD to find the accounts that are inactive for 90 days and have disabled them manually. However PCI scan is still failing with below message;

Verify inactive accounts
For all accounts on the system verify that they havent been inactive beyond 90 days. You must have a process in place to identify and review inactive accounts that have not been
used in 90 days and either remove or disable them.

My question is what is the best way to find the accounts inactive for 90 days and to disable them?

Thanks

Regards

Edited by Y a h y a 9 hours 17 minutes ago

August 21st, 2015 5:48pm

You can use powershell script for this

check these ones

http://blogs.technet.com/b/bahramr/archive/2008/01/25/powershell-script-to-disable-inactive-accounts-in-active-directory.aspx

https://gallery.technet.microsoft.com/scriptcenter/8f5016c1-c77b-4e95-8fbc-536057b2c2a5

Free Windows Admin Tool Kit Click here and download it now

August 21st, 2015 6:07pm

You can use a script but you may find that the active directory administrative center can make it quicker (depending on how your OU structure is setup.

August 21st, 2015 6:13pm

This topic is archived. No further replies will be accepted.