Manual system administration over an extended period of time tends to leave Orphan Accounts. Directory Cleanup is a process used to identify orphans, and deactivate their accounts.

Some Access Management Systems incorporate tools for Directory Cleanup, including identification of orphans based on last login time/date, or based on User ID Reconciliation and including batch Deactivation of Access.

Return to IT Security Concepts