In this article:  

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

Objective  

This article explains how to use the Risk Assessment feature in ADAudit Plus to generate a report that identifies dormant administrative accounts within your Active Directory environment.

Prerequisites  

• You must have access to the ADAudit Plus web console with an administrator account or a technician account that has permissions to view the Analytics tab.

• Your on-premises domain controllers must be configured in ADAudit Plus and successfully collecting security logs.

• To generate meaningful data, ADAudit Plus should have been running and collecting data for a period longer than the dormancy period you wish to check (e.g., more than seven days).

Steps to follow  

1. Log in to the ADAudit Plus web console with an administrator or delegated technician account.

2. Navigate to the Analytics tab.

3. From the left pane, click Risk Assessment.

4. Under the Risk Assessment Reports section, click the Dormant Admin Accounts report.

5. Select the desired time frame from the Period drop-down menu to define what constitutes a dormant account.
   
   
   

Validation and confirmation  

• The report will generate and display a list of all administrative accounts that have had no logon activity or other recorded events during the time frame you selected.

• Review the list to identify which high-privilege accounts are not being used and may be candidates for disabling or deprovisioning.

Tips  

• Regularly run this report (e.g., quarterly) as part of your user account review process to maintain good security hygiene.

• Consider disabling confirmed dormant accounts instead of deleting them immediately to prevent potential service disruptions.

Related topics and articles  

• User behavior analytics