Activated accounts that remain unused for an extended period (such as one year or more) can grant access to individuals who already left the company. This can further complicate the management of user accounts.


Inconsistent account management policies can result in keeping user accounts that are no longer in use, whether due to an employee departures or deprecation of an old application or system.
These inactive accounts can pose a security risk by providing unauthorized access to company assets in the event of a password compromise. Moreover, as these accounts do not update their authentication secrets, they are more vulnerable to attacks.
To manage directory access effectively, it is best to deactivate all unused directory accounts.

See Also

Monitoring Active Directory for Signs of Compromise

Indicator Details

Name: Dormant Accounts


Severity: Medium

MITRE ATT&CK Information:

Tactics: TA0004, TA0001, TA0003

Techniques: T1078