Unlicensed Accounts?


  • A)   My employer is using Active Directory via Windows Server 2008 R2 domain controllers.

    B)   We have a third party solution which interrogates AD to populate employees details such as phone number and office location.

    C)   We have a large number of staff who do not require network access.

    My question is, is there a field in AD which can be used to flag an account as being a non network user, perhaps userAccountControl.

    Ultimately we would like to not have to pay for accounts which will not be accessing the network.

    Thank you

    Monday, January 30, 2017 4:33 AM

All replies

  • Hi Mossfree,

    What do you mean by non-network user? When you create a user or any account, there will be a corresponding SID for that object and add that value to the total number of SID allocated. Therefore that "third-party software" should be looking for that SID and any object in the AD is considered as "network object". You can check the last logon information but you have to know how your software works on how it counts the user or object.


    CD Technologies

    Monday, January 30, 2017 4:50 AM
  • You can have any number of user objects in AD without paying more, so you must be concerned about your third party application charging by the number of users. You will need to ask the support for the third party app. For example, you can disable the accounts for people that will never logon. But you need to ask if that results in not being charged.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, January 30, 2017 11:16 AM
  • Thank you for your reply Richard.

    We are not concerned with a fee from the third party, the concern is the fee to MS for AD accounts which are not used for accessing network but purely for holding staff information which will be picked up by the third party.

    I suppose an easier question may have been. Is it possible to have accounts in AD which do not require a license. Does a disabled account provide what we need?

    Tuesday, January 31, 2017 1:51 AM
  • Hi there TotoyBeebo,

    What I mean by non-network user, is a user account which is a holding place for staff information but does not login to any pc because the staff members role doesn't require pc access.

    Thank you

    Tuesday, January 31, 2017 1:54 AM
  • It will depend on your server OS license. The kind I am familiar with limits the number of users logged on at any time. But your license can be different. I would inquire here:

    or here:

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, January 31, 2017 3:00 AM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Alvin Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, February 7, 2017 7:43 AM