Dormant accounts are active accounts no longer used — former employees, old service accounts, test accounts. Prime targets for attackers since owners won't notice unusual activity.
Regular access reviews identify dormant accounts. Automated deprovisioning reduces risk. Policy: disable accounts inactive 90+ days. Service accounts with no recent logins may be orphaned. Disable before delete (confirm nothing breaks first).