Dormant and obsolete user profiles need to be managed. Normally, that means you need to delete them, but you should at least be sure they’re disabled. If you are grappling with SOX or HIPAA compliance, here’s a relevant section from COBIT. COBIT is what your auditors use as a guideline for evaluating your internal controls.
COBIT DS5.4 User Account Management
“Management should establish procedures to ensure timely action relating to requesting, establishing, issuing, suspending, and closing of user accounts.”
You can get the entire lowdown on COBIT at http://www.isaca.org
In this issue, Carsten provides a great new command that can help you implement controls over dormant user profiles. It’s similar to the IBM command ANZPRFACT(Analyze Profile Activity), but it has some nice added capabilities.
Download the save file containing the source code.