Accounts that have not been used in the past six months and are no longer necessary. Stale accounts are often inactive user accounts. They are an account from a user who no longer works there that was never deactivated or they are an account that was created and forgotten about for some other reason.
According to Microsoft, over 10% of user accounts in Active Directory have been detected as inactive otherwise known as “stale”, based on the last time the password was changed or the user’s last logon timestamp.
Stale accounts in Active Directory pose a security risk to organizations because they can offer attackers, or even former employees, a straightforward route into an organization’s environment. Even if the inactive user account lacks privileges, it remains susceptible to exploitation in privilege escalation attacks.
Organizations must introduce the proper technical processes and department communication to remediate the risk of inactive accounts in Active Directory.
Enzoic for Active Directory Lite tracks these accounts and reports on them to allow admins a chance to take action with those accounts or deprovision them.
Inactive, accounts can easily grant an attacker or former employee unauthorized access. Organizations should clean them up regularly to keep their environment more secure. To learn more about stale accounts and other critical risk factors for passwords in Active Directory, visit our blog: https://www.enzoic.com/blog/enzoic-for-ad-lite-data-2023/