If an account has not been used in several months, it may no longer be valid. Eliminating these accounts makes the environment cleaner and more manageable, and reduces the attack surface because attackers can’t hijack them and use them to move around within your organization.

From the list on the left, find “No. of enabled but stale users,” click on it to highlight the selection, and click the “>” arrow to move it to the selection field (Optional: select the color of the chart using the drop-down menu).

Tips for interpreting this report

During an AD cleanup project, this graph should slope downward from left to right as stale accounts are disabled or purged. Once AD is in an operationalized state, the graph should show minor upward fluctuations as accounts age out of usefulness, then return to a consistent level after those accounts are disabled or purged. A consistent upward trend over time means stale accounts are being left enabled even after they have exceeded their usefulness. This could put AD at risk of falling into sub-optimal conditions and gives attackers trying to establish a foothold in the organization a wider attack surface.
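
To cross-check the number the report plots, the following added example (not part of the product or the original page) counts enabled-but-stale users directly from AD and appends the daily count to a CSV so the trend can be compared with the graph. The 90-day threshold and the output path are assumptions; the page only says "several months".

```powershell
# Added example: needs the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: "stale" means no logon for 90 days; the page only says "several months".
$StaleDays = 90
# Hypothetical output path for the trend history.
$TrendCsv  = '.\stale-enabled-users-trend.csv'

$cutoffUtc = (Get-Date).ToUniversalTime().AddDays(-$StaleDays)

# lastLogonTimestamp replicates between domain controllers but can lag by up to
# about 14 days, so accounts close to the cutoff are approximate.
$stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties lastLogonTimestamp, whenCreated |
    ForEach-Object {
        $lastLogonUtc = if ($_.lastLogonTimestamp) {
            [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
        } else {
            $null   # account has never logged on
        }
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            LastLogonUtc   = $lastLogonUtc
            WhenCreatedUtc = $_.whenCreated.ToUniversalTime()
        }
    } |
    Where-Object {
        # Never-used accounts count as stale only once they are older than the cutoff,
        # so freshly provisioned users are not flagged.
        if ($_.LastLogonUtc) { $_.LastLogonUtc -lt $cutoffUtc }
        else { $_.WhenCreatedUtc -lt $cutoffUtc }
    }

# Review list for the cleanup: never-logged-on and oldest logons first.
$stale | Sort-Object LastLogonUtc | Format-Table -AutoSize

# One row per run; scheduled daily, this reproduces the report's trend line.
[pscustomobject]@{
    Date              = (Get-Date -Format 'yyyy-MM-dd')
    StaleDays         = $StaleDays
    EnabledStaleUsers = @($stale).Count
} | Export-Csv -Path $TrendCsv -Append -NoTypeInformation
```

Service accounts that authenticate without an interactive logon may appear in this list, so review each entry before disabling it.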

