AD accounts required?

Ian Cope 41 Reputation points

I have 3 accounts in my AD, which I want to know if they're still required.

I'm on functionality for domain and forest of 2016

The accounts are : replicator, root and user-11a

(Can I rename the passwords on them if they are still valid)?



Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,801 questions
0 comments No comments
{count} votes

Accepted answer
  1. cthivierge 4,051 Reputation points

    AFAIK, none of them are "BuiltIn accounts".

    They are probably accounts created by someone in your organization.

    If you want to know if they are still in use, you could look at some attributes on those accounts.

    In Active Directory Users and Computers (dsa.msc)

    • Click on View and make sure that "Advanced Features" is checked
    • Double click on the user account
    • Click on Attribute Editor tab

    Look at those attributes and you will know if they are still in use:

    • lastLogonTimestamp
    • lastLogon
    • whenChanged
    • pwdLastSet

    The date will show you the last time the account was logged, has changed or the password has changed.

    Another way would be to make a common query
    in the same console (dsa.msc)
    Right click on your Domain and click on Find...
    Click on the Find drop down menu and click on "Common Queries"
    Click the drop down menu beside "Days since last logon:" and select a value
    Click on Find Now

    you will have the list of all users that has not logged on since the number of days you have chosen.


    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Ian Cope 41 Reputation points

    I've had a look at the attributes you answer. None of them have entires for lastlogon or lastlogontimestamp.

    One is in the Users folder and the other two are disabled (in a separate disabledaccounts folder)

    The pwdlastset dates are 1998 for 2 and 2002 for another.

    The When Changed is for all 3 are this month.

    I'm inclined to think that these are all superfluous accounts (we did have exchange years ago).


    0 comments No comments