Employees come, employees go, computers come, computers go... What (often) stays are their accounts. In my consulting days, I've checked many Active Directories for old and unused accounts. I've never ever seen one that didn't contain at least 10 accounts that were not used anymore.
This, in itself, is nobody's fault. When a new employee arrives, HR requests a new account, simply because the new user cannot work without a login and password. When the same user leaves, nobody thinks about the account that's left behind.
Same goes for computer accounts. The new computer is made a part of the AD, but when it dies nobody thinks of updating the AD.
To make an administrator's life a ... READ MORE>>