Current Version: 2.7.0

nFront AD Disabler

Download Trial
Watch Video Demo

nFront Account Disabler

Never worry about dormant accounts again.

Wouldn't it be nice to automatically disable any accounts that have not logged on in three weeks?

nFront Account Disabler can automatically disable inactive and dormant accounts within your Windows Active Directory. Disabling inactive accounts is not only a security best practice but it is also part of the PCI compliance requirements and the IRS 1075 guideline.


A Fully Automated Solution:

Some utilities simply offer reporting and leave the work of disabling accounts up to you. nFront Account Disabler is different. If is fully automated and once configured you need only review the daily activity reports which can be emailed to you in an HTML or PDF format.


  • Determines last “true logon time” for all active directory accounts. In other words, it scans across all domain controllers to get the correct last logon time for each user.
  • Can disable accounts even though all domain controllers are not available at the time of the query.
  • Can skip system accounts like IUSR_<machine-name>.
  • Do not disable the built-in Administrator account.
  • Do not disable specific groups like a group for service accounts.
  • Generates local HTML reports.
  • Can email a PDF or HTML report of the dormant accounts to an Administrator.
  • Builds a CSV file of disabled accounts.
  • Maintains a running log of all accounts that have been disabled by nFront Account Disabler. This log does not track accounts that have been disabled outside of nFront Account Disabler.
  • Smart enough to skip accounts that you created yesterday whose last logon time is “never.”

Up and Running in 5 minutes

You can install and configure the software in less than 5 minutes.

nFront Account Disabler Configuration dialog.

nFront Account Disabler Configuration report settings.


Example Report of Dormant Accounts:

nFront Account Disabler Report

Date of Run: 10/23/2008 1:09:48 PM

Active User Accounts: 910


Disable Old Accounts: True
Ignore unreachable domain controllers:False
Old Account Age (in days):90
Reporting / Service Interval (in hours):24
Report To Address
Report From
SMTP Server:

Users with dormant account

Username Last Logon Time Server Name Disabled
test201 3/17/2008 4:17:18 PM dc50.lab5.nfrontlabs.local Yes
test202 6/3/2008 2:03:36 PM dc50.lab5.nfrontlabs.local Yes
test203 Never logged on dc50.lab5.nfrontlabs.local Yes


Limitations of the evaluation version

  • Reports up to 3 inactive accounts
  • Does not disable any inactive accounts

System Requirements

  • Windows 2000, 2003, 2003R2, or 2008 server
  • 2 MB free disk space
  • Microsoft .NET Framework 2.0 or later

nFront Security, Inc © 2017

Contact Us | Terms of Use | Privacy Policy