
How domain account removal works

When technicians use JIT access for computers in domain environments, an individual domain admin account is created the first time each technician logs in. When these accounts are not in use, they are kept in a disabled state. To keep the number of accounts manageable, the idemeum agent installed on the domain controller periodically inventories all technician JIT accounts. If an account has not been used in the last 30 days, it is deleted.
Let’s look at an example. Technician alex logs into the domain controller and the account msp-alex is created. Once alex logs out, the JIT account is disabled. For 30 days alex does not log in to this domain environment. As a result, the account is deleted after 30 days. If alex tries to log in after the 30-day period, the account msp-alex is recreated.
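To confirm this lifecycle from the directory side, the following added audit script (not idemeum code) lists JIT accounts with their state and idle time. It assumes every JIT account uses the `msp-` prefix shown in the example and that the ActiveDirectory PowerShell module is available; how the agent itself measures "last used" is not documented here, so the script uses AD's own logon timestamp as an approximation.

```powershell
# Added audit example, not part of the idemeum agent.
# Assumption: all technician JIT accounts share the "msp-" prefix (as in msp-alex).
Import-Module ActiveDirectory

$Prefix  = 'msp-'   # assumed naming convention, adjust to your tenant
$MaxIdle = 30       # days, the retention window described above
$Now     = Get-Date

# LastLogonDate is derived from lastLogonTimestamp, which replicates lazily
# and can lag by up to about 14 days with default domain settings.
$accounts = Get-ADUser -Filter "SamAccountName -like '$Prefix*'" `
    -Properties Enabled, LastLogonDate, whenCreated

$report = foreach ($a in $accounts) {
    # An account that has never logged on is measured from its creation time.
    $lastUse  = if ($a.LastLogonDate) { $a.LastLogonDate } else { $a.whenCreated }
    $idleDays = [math]::Floor(($Now - $lastUse).TotalDays)

    $finding = if ($a.Enabled) {
        # Expected only while a technician session is active.
        'ENABLED - confirm an active technician session'
    } elseif ($idleDays -gt $MaxIdle) {
        # Should already have been deleted by the periodic inventory.
        'STALE - past retention window, verify agent cleanup'
    } else {
        'OK - disabled and within retention window'
    }

    [pscustomobject]@{
        Account  = $a.SamAccountName
        Enabled  = $a.Enabled
        LastUse  = $lastUse
        IdleDays = $idleDays
        Finding  = $finding
    }
}

$report | Sort-Object IdleDays -Descending | Format-Table -AutoSize
```

Because of the replication lag, treat an account only a few days past the window as a prompt to check the agent, not as proof that cleanup failed.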