A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
A. dsrm -users “DN=company.com; OU=hq CN=users”
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rdn -limit 21
Confirmed. C is the correct answer.
https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch06s29.html
C is the correct answer, -inactive 3 is in increments of weeks. Thus 7×3=21.