NB Inactive Counter
Hi Vincent,
from my perspective the counter for "NB Inactive" user accounts is missing one query. It does not count the number of user accounts that exist but never logged on to any system. These should also count as inactive users from my point of view.
Best regards, Steffen
Hi @sbuck1
reading the source of the rule "S-Inactive" for "InactiveUserOrComputer" or so-called "Dormant accounts" in the following files, it is clear that the time for activity is being calculated with "LastLogonTimestamp".
RULE: https://github.com/vletoux/pingcastle/blob/master/Healthcheck/Rules/HeatlcheckRuleStaledInactive.cs#L24
Healthcheck data used for the rule: https://github.com/vletoux/pingcastle/blob/master/Healthcheck/Healthcheck.cs#L367
If a user is enabled and not active within the last 6 * 31 days, it is considered inactive. The query in the source code seems to be correct. I have compared data from section "User Information" > "Account analysis" with Active Directory and could not find an issue with the current version of PingCastle. If you take "Nb Inactive" and add "Nb Active" from that table, then you should get the amount of "Nb Enabled". If you can reproduce your problem and give more details about what you mean, there might be a solution that works for you; otherwise feel free to close the issue.
If you miss some entries in the list "Inactive objects (Last usage > 6 months)", you might not have seen the following hint: "Output limited to 100 items - go to the advanced menu before running the report or add "--no-enum-limit" to remove that limit".
Additional hint from the comment that might also apply here: "Please note that PingCastle relies on the attribute LastLogonTimestamp to perform this check. The LastLogonTimestamp attribute is replicated but has a latency of a maximum of 14 days, while LastLogon is updated at each logon and is more accurate but not replicated."
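
An added example, not part of the thread and not PingCastle's code: a standalone classifier that applies the rule as described above (enabled, `lastLogonTimestamp` older than 6 * 31 days) to constructed account records. Reporting accounts with no `lastLogonTimestamp` in their own bucket is an assumption of this example, made so an auditor can see them next to the inactive count; the sample accounts and function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002                  # userAccountControl flag for a disabled account
INACTIVE_AFTER = timedelta(days=6 * 31)  # threshold quoted in the thread

def to_filetime(dt):
    """datetime -> 100-ns intervals since 1601-01-01 (lastLogonTimestamp encoding)."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def from_filetime(ft):
    """lastLogonTimestamp value -> timezone-aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def classify(account, now):
    """Return disabled / never_logged_on / inactive / active for one account."""
    if account["userAccountControl"] & ACCOUNTDISABLE:
        return "disabled"
    ft = int(account.get("lastLogonTimestamp") or 0)
    if ft == 0:
        # Attribute absent or zero: no logon recorded. Kept separate here (assumption).
        return "never_logged_on"
    # lastLogonTimestamp replicates with up to 14 days latency, so ages are approximate.
    if now - from_filetime(ft) > INACTIVE_AFTER:
        return "inactive"
    return "active"

def summarize(accounts, now):
    counts = {"disabled": 0, "never_logged_on": 0, "inactive": 0, "active": 0}
    for account in accounts:
        counts[classify(account, now)] += 1
    return counts

# Constructed sample data, not taken from any real directory.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": 0x200,
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=3))},
    {"sAMAccountName": "bob", "userAccountControl": 0x200,
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=400))},
    {"sAMAccountName": "carol", "userAccountControl": 0x200},  # never logged on
    {"sAMAccountName": "dave", "userAccountControl": 0x202,    # disabled
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=400))},
    {"sAMAccountName": "erin", "userAccountControl": 0x200,    # exactly at threshold
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=186))},
]

if __name__ == "__main__":
    print(summarize(SAMPLE, NOW))
```

Comparing the `never_logged_on` bucket against the report's "Nb Inactive" and "Nb Active" figures shows whether those accounts are already included in one of them.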