nFront AD Disabler
Never worry about dormant accounts again.
Wouldn't it be nice to automatically disable any accounts that have not logged on in three weeks?
nFront AD Disabler can automatically disable inactive and dormant accounts within your Windows Active Directory. Disabling inactive accounts is not only a security best practice but it is also part of the PCI compliance requirements and the IRS 1075 guideline.
A Fully Automated Solution:
Some utilities simply offer reporting and leave the work of disabling accounts up to you. nFront AD Disabler is different. If is fully automated and once configured you need only review the daily activity reports which can be emailed to you in an HTML or PDF format.
- Determines last “true logon time” for all active directory accounts. In other words, it scans across all domain controllers to get the correct last logon time for each user.
- Can disable accounts even though all domain controllers are not available at the time of the query.
- Can skip system accounts like IUSR_<machine-name>.
- Do not disable the built-in Administrator account.
- Do not disable specific groups like a group for service accounts.
- Generates local HTML reports.
- Can email a PDF or HTML report of the dormant accounts to an Administrator.
- Builds a CSV file of disabled accounts.
- Maintains a running log of all accounts that have been disabled by nFront AD Disabler. This log does not track accounts that have been disabled outside of nFront AD Disabler.
- Smart enough to skip accounts that you created yesterday whose last logon time is “never.”
Up and Running in 5 minutes
You can install and configure the software in less than 5 minutes.
Example Report of Dormant Accounts:
nFront AD Disabler Report
Date of Run: 10/23/2008 1:09:48 PM
Active User Accounts: 910
|Disable Old Accounts:
|Ignore unreachable domain controllers:||False|
|Old Account Age (in days):||90|
|Reporting / Service Interval (in hours):||24|
|Report To Address
|Report From Addressfirstname.lastname@example.org|
Users with dormant account
||Last Logon Time
||3/17/2008 4:17:18 PM
||6/3/2008 2:03:36 PM
||Never logged on
Limitations of the evaluation version
- Reports up to 3 inactive accounts
- Does not disable any inactive accounts
- Windows 2000, 2003, 2003R2, or 2008 server
- 2 MB free disk space
- Microsoft .NET Framework 2.0 or later