It’s this time of the year again. I will probably receive notification for IT Audit in about 14 days. IT Audit is a process that is quite stressful for IT Managers. There is always something you can forget. There are just so many factors you can miss to review, from AD, Databases, ERP access, Backup, Security, Access rights, Server room and many more.
One option is to review all the documentation you have and to review notes from the last audit. Then you have to go through all the information. Either with the help of a reporting tool, if you have one or by going through the list manually.
I admit, in one of the previous companies I have worked for, I have missed several AD accounts which I did not disable before IT Audit. Partly it was HR fault, because they didn’t notify me of people leaving. Partly it was my fault, because I haven’t reviewed accounts regularly. If I had, I wouldn’t miss unused accounts.
There are great reporting tools you can use to see which accounts in Active Directory are not used for some time. And there are also great tools that can automate the whole process of review and action procedure.
Trend is to reduce manual work of IT technicians, to automate as much as possible. Last time we reviewed one of the tools that is great at reducing time of IT technicians called Lepide Active Directory Self Service. This time, we’ll take a look how to clean AD automatically.
Lepide Active Directory Cleaner Review
Idea of Active directory Cleaner is so simple, yet so effective. When you open a program, you will see screen divided in to two parts. Left part is a quick access menu. There you can access important settings and reporting. Right side is a Dashboard where you see a state of your Active Directory.
You will see immediately how many users you have, and how many are inactive. You can quickly navigate to desired OU to see situation in a department.
You will also see state of computers. Computers which are active are marked with the blue color and computers that are inactive are marked with a red color.
Right side of the Dashboard is dedicated to automation process. You see, you can automate account operation and save a lot of time, while at the same time you increase security.
If you want to review Inactive accounts, you can do that by going to the quick access menu on the left side and click on Inactive Accounts. Here you can filter data by type of account. You can select a user, a computer or both. Once you click on Generate, it will display all accounts that were Inactive (not used for selected period).
Never Logged On Accounts will report on accounts that were never logged on to your domain. You can use the filters like type or date.
Real Last Logon Details will show you when accounts were logged on to your domain. Great thing about Real Last Logon details is that you can see and filter by days, when account was logged on. At the same time you see email of particluar account, date when account was created and inactivity time in days.
You can schedule reports based on activity, log on status or never log on status. It’s good that you can disable sending blank reports if none of conditions match.
You can even set up multiple reports. You could send reports with accounts that had password changed to Helpdesk, so that technicians know they may receive additional calls. Or you can send reports about account inactivity to head of department, where you are changing passwords.
You could also send disabled account report to HR to confirm that accounts are indeed ready to be removed.
Automated Active directory cleaning
Lepide Active Directory Cleaner can automate AD cleaning. You can set up a policy which can Set random password on accounts that are were not used for desired amount of days. You can also disable Active Directory accounts automatically and you can move them to desired OU. You can set up condition for each option related to number of days.
For example, you can set random password after 50 days of inactivity, you can disable account after 60 days of inactivity, after 120 days you can move account to Disabled OU and you can even delete account after 365 days of inactivity.
You can do that automatically. Without any intervention from IT department, meaning that you will save a lot of time.
The only work IT technicians may have, is to re-enable account if the user starts using it again. But that would be done anyway.
I hope you got an idea of product simplicity by reading Lepide Active directory Cleaner review. Product is really simple to use, has Active Directory automation functionality and can be a real time and money saver.
Lepide Active Directory Cleaner pricing is based on number of users.
Pricing for up to 200 users is $1.00 per user when it’s subscription based. $200 for 200 users – subscription based license.
Pricing for up to 200 users is $2.50 per user if the license is perpetual – $500 for 200 users perpetual license