Many corporate security policies and compliance regulations require that Active Directory user accounts must be disabled after a certain period of inactivity. This is a good practice; doing so keeps Active Directory secure and clean. For example, someone can create a user account, leave it untouched for many days, and then use it to perform malicious activity against an organization. Another example is employee retirement: User accounts must be disabled when an employee quits an organization, but in practice, IT departments are usually the last to know when somebody leaves. Also, most HR databases only keep information about the "primary" user account and know nothing about additional user accounts.
Netwrix Auditor automates the management of inactive user accounts. The program periodically checks all user accounts in specified domains and reports all accounts inactive for more than specified number of days.
This feature is available in the Netwrix Auditor solutions for:
To detect inactivity, the product checks the "lastLogon" and "lastLogonTimestamp" attributes of every user account, which represent the last time a user was authenticated by a specific DC. AD doesn't replicate these attributes; as a result, the values will be different on each DC. Netwrix Auditor handles this correctly: It queries all DCs in the domain and uses the most recent logon time, sometimes called the "true last logon".