Question

You are a penetration tester, and you have full access to a domain controller. You want to discover any user accounts that have not been active for the past 30 days. What command should you use?

Answer 1

To find inactive user accounts on a domain controller that haven't been active for 30 days, use the PowerShell command Search-ADAccount -AccountInactive -TimeSpan 30.00:00:00 -UsersOnly, ensuring appropriate permissions and adherence to security policies.

Step-by-step explanation:

To discover user accounts on a domain controller that have not been active for the past 30 days, you would use the Search-ADAccount cmdlet in PowerShell. Specifically, the command to find inactive user accounts would be:

Search-ADAccount -AccountInactive -TimeSpan 30.00:00:00 -UsersOnly

This command checks for user accounts that have not logged in for a time span of 30 days. If you need to include disabled accounts in the search, you could add the -AccountDisabled switch to the command. It is important to ensure that you have the appropriate permissions to perform this action and to handle the information according to your organization's privacy and security policies.