Score:1

System or critical user never log in

mx flag

Besides Exchange, does AD itself, or other well-known apps, create user objects but never use them for login? I am trying to clean up inactive accounts and don't want to remove something that appears unused but is actually important. Specifically, is it safe to remove any account whose lastlogonstamp is NULL (so it's never logged in) but was created a long time ago (again, excluding Exchange objects)?

cn flag
`is it safe to remove any account whose lastlogonstamp is NULL`. No, it is not. There will always be exceptions. We aren't going to know what those exceptions are for your environment; you should review the accounts and see what makes sense for exceptions.
Score:1
us flag

It is not safe to remove or even block accounts which have LastLogonTimeStamp set to NULL or a very old date. Some LDAP authentication scenarios do not update this attribute in AD, although systems might be actively using an account.

Also, please see answer to https://serverfault.com/a/1079561/321227

mx flag
Accepted as answer, though I am not convinced how an account is actively being used when lastLogonTimeStamp is not populated, except in a few well-known setups. Also, I'd believe the bugs you mentioned have long been fixed.
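
The review step recommended in the comment and answer above, sketched as an added example that is not part of the original thread: it lists accounts with no lastLogonTimestamp that were created before a cutoff and gathers evidence for a manual decision, without deleting or disabling anything. It assumes the RSAT ActiveDirectory module; the 365-day threshold, the output file name and the choice of evidence columns are assumptions, and no column proves that an account is unused.

```powershell
# Added example: build a review list only. Nothing is deleted or disabled.
Import-Module ActiveDirectory

# Assumption: "created a long time ago" means more than 365 days; adjust to policy.
$cutoff = (Get-Date).AddDays(-365).ToUniversalTime().ToString('yyyyMMddHHmmss.0Z')

# User objects with no lastLogonTimestamp value, created before the cutoff.
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(!(lastLogonTimestamp=*))(whenCreated<=$cutoff))"
$props  = 'whenCreated', 'PasswordLastSet', 'servicePrincipalName',
          'description', 'adminCount'

$dcs = Get-ADDomainController -Filter *

$report = foreach ($u in Get-ADUser -LDAPFilter $filter -Properties $props) {
    # lastLogon is not replicated, so keep the newest value seen on any DC.
    $newest = 0
    foreach ($dc in $dcs) {
        $v = (Get-ADUser -Identity $u.DistinguishedName -Server $dc.HostName `
                         -Properties lastLogon).lastLogon
        if ($v -gt $newest) { $newest = $v }
    }

    # A password set well after creation suggests someone still maintains the account.
    $pwdChanged = ($null -ne $u.PasswordLastSet) -and
                  ($u.PasswordLastSet -gt $u.whenCreated.AddMinutes(5))

    [pscustomobject]@{
        SamAccountName        = $u.SamAccountName
        Enabled               = $u.Enabled
        Created               = $u.whenCreated
        PasswordLastSet       = $u.PasswordLastSet
        PasswordSetAfterBuild = $pwdChanged
        LastLogonAnyDC        = if ($newest -gt 0) { [DateTime]::FromFileTimeUtc($newest) } else { $null }
        HasSPN                = ($u.servicePrincipalName.Count -gt 0)  # likely a service account
        AdminCount            = $u.adminCount
        Description           = $u.description
    }
}

# Hand the list to the account owners for review before any change is made.
$report | Sort-Object Created |
    Export-Csv -Path .\never-logged-on-review.csv -NoTypeInformation
```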