> ## Documentation Index
> Fetch the complete documentation index at: https://docs.idemeum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Auto account removal

> Domain controller agent will remove any JIT domain account that has not been used for 30 days.

## How domain account removeal works

When technicians use JIT access for computers in domain environments, individual domain admin accounts are created every time new technician logs in for the first time. When these accounts are not in use, they are in disabled state.

In order to make the number of accounts manageable, idemeum agent that is installed on domain controller will periodically inventory all technicain JIT accounts. And if the account has not been used for the last 30 days, it will be deleted.

<Note>
  Let's look at the example. Technician `alex` logs into the domain controller and the account `msp-alex` is created. Once `alex` logs out, the JIT account is disabled. For 30 days `alex` does not login to this domain environment. As a result, the account is deleted after 30 days. If `alex` tries to login after a period of 30 days the account `msp-alex` will be recreated.
</Note>