Forum Discussion
Solved
Remove dormant accounts from sensitive groups
Hi! I'm having an issue with "remove dormant accounts from sensitive groups" in Secure Score. The sensors are installed on an old Active Directory domain, and i do not know the history of it...
- On the 15th of february 2024, the two accounts I had listed as affected by "Remove dormant accounts from sensitive groups" finally cleared, and the Secure Score was updated as "Completed"
I have not changed anything for months, so I presume this is a fix thats rolled out from MS?
Can anyone else confirm this?
I have the exact same problem with two accounts in our domain as well. The accounts used to be "Domain/Enterprise Admins", but have since been disabled, and all administrative access removed.
I've looked everywhere, and the accounts does not have the "Replicating Directory Changes permission" anywhere.
The powershell commands shows nothing for the two affected accounts, but shows (correctly) that a full Domain/Enterprise Admin has those rights.
Så either the Defender for Identity sensor, triggers on something else, or there is some bug in the detection routines.
I've had accounts previously, where I've removed administrative access, and the "Removed dormant accounts from sensitive groups" has cleared fine.
Didn't see the tip about adminCount=1, the first time I replied. Both my problem accounts had this, so I've tried clearing it now, and hopefully that will fix my problem.