Skip to main content

How Does Inactive User Tracker Work?

Question

How does Inactive User Tracker (IUT) work?

Answer

  1. IUT requests the current date from the local machine.
  2. IUT requests the list of Active Directory users from the domain (via LDAP).
  3. IUT picks the first user from the list.
  4. IUT retrieves lastLogon and lastLogonTimestamp attributes for the user from every domain controller.

IMPORTANT: In case a single domain controller is unavailable, no action will be performed.

  1. If the user has never logged in, the createTimestamp attribute is used instead of lastLogon or lastLogonTimestamp. In case multiple lastLogonTimestamp entries are available, the most recent is used.
  2. Inactivity time is calculated using createTimestamp, lastLogon or lastLogonTimestamp and the local machine date/time to determine the number of days.
  3. If the user matches the inactivity criteria specified, they will be added to the list of inactive users and acted upon according to the configuration.
  4. Steps 4 to 7 are repeated for each user in the list.