Every Salesforce admin knows their org has data quality problems. What most don't know is how their org compares — whether 60% unused custom fields is normal, whether a 12% duplicate rate on Contacts is something to panic about, or whether the validation rule conflict their sales rep hit last quarter is a fringe case or an industry-wide pattern.
This report aggregates what Salesforce org health diagnostics are finding in 2026 across four categories: data quality at the field level, configuration debt, migration risk from sunset automations, and the org health scoring framework that puts all of it on a single number. The goal is to give every admin a benchmark to measure against — and a prioritized action list when their org falls below it.
Data Quality Findings
Data quality in Salesforce degrades through accumulation, not deletion. Objects get columns added every quarter; columns rarely get removed. The result is a field inventory that expands indefinitely, with a shrinking proportion of fields that contain useful data.
Unused Custom Fields: The 60% Problem
When admins run a field usage audit on a mature Salesforce org, the finding is consistent: between 55% and 65% of custom fields have a population rate at or near zero over the trailing 90 days. On the Account and Contact objects — the highest-volume objects in most orgs — unused field rates above 50% are the norm, not an outlier.
The pattern follows a predictable lifecycle: a field is created for a specific project or integration, used for 3–6 months, then the project completes or the integration changes. Nobody deprecates the field. Nobody adds a description explaining what it was for. Five years later, the org has 400 custom fields on Account and 220 of them have never been populated by a live user.
Fields with naming patterns like _old, _v2, _temp, _legacy, _bak, or _DO_NOT_USE account for a disproportionate share of this total. They're the honest ones — someone knew the field was obsolete and tried to document it inline. The more dangerous category is fields with no description and no usage data and no indication of why they exist.
Duplicate Records: Where Pipeline Numbers Break
Duplicate records are the data quality problem that causes the most visible downstream damage. A 10% duplicate rate on Contacts means 10% of your email sends are going to dead addresses, 10% of your pipeline reports are double-counting, and 10% of your AI-driven lead scoring is processing the same person twice with different scores.
Across org audits, duplicate rates on Contact and Lead objects average between 8% and 14% without active deduplication rules in place. On orgs that have used multiple marketing automation platforms over the years — HubSpot to Marketo to Pardot, or any migration path — duplicate rates climb higher because each platform sync created its own records without reliable matching.
The CSV Scanner identifies probable duplicates in exported record data based on fuzzy name matching, email normalization, and domain deduplication — the same logic Salesforce's native Duplicate Management uses, available without a Salesforce connection.
Picklist Value Sprawl
The Opportunity Stage picklist is the canonical example. The standard Salesforce installation ships with 7 stage values. After 5 years and 3 CRM managers, the average enterprise org has 15–22 active stage values, with an additional 8–12 values that are technically active but represent fewer than 2% of records combined.
Duplicate values with different capitalization ("Prospecting" vs "prospecting"), legacy values that were never retired ("Old - Closed Won"), and values that were supposed to be temporary ("Q3 2022 - Special Offer") are present in the majority of mature orgs.
Picklist sprawl degrades reporting in a specific way: it fragments your pipeline analysis across artificial splits. A stage called "Proposal Sent" and another called "Proposal / Price Quote" represent the same step in most sales processes. Every report that uses Stage as a dimension is producing a false picture of where deals actually live.
Data Completeness on Required Fields
Required fields in Salesforce can be bypassed. Admin-level imports, API inserts, and legacy integrations that predate the required field configuration can all create records with empty required fields. The result: fields you believe are guaranteed to be populated aren't.
A practical benchmark: on high-volume objects (Account, Contact, Opportunity, Lead), expect 3–8% of records to have at least one "required" field that is empty. On objects populated primarily through API integrations, that number can reach 15–20%.
This matters for AI-driven workflows specifically. Any Einstein or Agentforce feature that relies on a field being populated — lead scoring, opportunity scoring, next-best-action recommendations — degrades silently when the field it reads is empty. The model doesn't tell you it got an empty input. It just produces a worse output.
Benchmark Your Own Org's Data Quality
Two free tools, no Salesforce credentials required for the initial scan. Results in under 60 seconds.
Configuration Debt
Configuration debt is the accumulation of automation, rules, and metadata that was built for a context that no longer exists. Unlike data quality problems, configuration debt is harder to quantify — a validation rule that fires 0 times per month might be perfectly intentional, or it might be an orphan from a project that ended in 2022 and is about to block a record at the worst possible moment.
Related: Salesforce admin debt: what it costs and how to fix it — the full taxonomy of technical debt at the Salesforce configuration layer.
Validation Rule Conflicts
In orgs with more than 50 active validation rules, rule conflicts are present in the majority. The typical conflict pattern: two rules that each reference the same field but with conditions that weren't tested together. Rule A blocks save when Field X is empty. Rule B requires Field X to be empty under a condition that can co-occur with Rule A's trigger condition.
The conflict doesn't surface until a user hits the specific combination — often under time pressure. The sales rep on the last day of the quarter. The onboarding manager processing a batch. When it surfaces, the org admin gets an emergency Slack message and has to diagnose which of 80 active validation rules is causing the problem.
The Validation Rule Auditor maps active rules by object, identifies rules referencing the same fields, flags rules that have never fired, and surfaces rules that were created more than 12 months ago with no modification since.
Flow Health: Missing Fault Paths and DML in Loops
The two most common critical findings in Flow audits are missing fault paths and DML operations inside loop elements. Missing fault paths mean a Flow failure produces no error record and no notification — the automation simply stops mid-execution and the user or record that triggered it sees nothing happen. DML in loops is a governor limit time bomb: the Flow works in testing, works with small record volumes, and then fails silently or throws a governor limit error when it processes a batch job at scale.
In orgs with more than 30 active Flows, expect to find missing fault paths in 40–60% of Flows and DML-in-loop patterns in 15–25%. The Flows that are most likely to have these issues are the oldest ones — built before Salesforce introduced better tooling for fault path handling, and never revisited.
The Flow Health Auditor scores each Flow across 7 weighted categories including fault paths, DML in loops, unbounded record retrieval, hardcoded IDs, and schedule-triggered risk. Each finding includes the specific element path within the Flow and a recommended fix.
Permission and Profile Bloat
The average enterprise Salesforce org has between 40 and 120 permission sets, with 25–40% of those permission sets assigned to 5 or fewer users. Permission sets created for specific projects, specific consultants, or specific integrations accumulate without a retirement policy.
The security risk is real but often invisible: a permission set that grants access to a sensitive object or API, created for a consultant engagement that ended 18 months ago, may still be assigned to users who were onboarded during that engagement and never had the permission set revoked. The Permission Auditor surfaces low-assignment permission sets, permission sets with conflicting object access, and users with redundant assignments.
Sharing Rules and OWD Mismatches
Sharing rules that contradict Organization-Wide Defaults are a common source of data access confusion. The pattern: OWD is set to Private on an object, but a sharing rule grants Read/Write to a broad group. The effective access is wider than intended, but it's not visible unless someone explicitly audits the combination.
In orgs that have had multiple admins over time, expect to find at least 3–5 sharing rules per major object that are either redundant, contradictory, or no longer match the intended access model. The Sharing Rules Auditor maps OWD settings against active sharing rules and flags mismatches.
Related: Salesforce admin debt — how sharing rule accumulation fits the broader pattern of org configuration drift.
Audit Your Configuration Debt
Three free tools cover the most common configuration debt categories. Upload metadata exports — no live org connection required.
Migration Risk: The Workflow Rule Sunset
Salesforce Workflow Rules and Process Builder lost support at the end of 2025. Organizations that haven't completed their Workflow Rule to Flow migration are operating unsupported automation that Salesforce will not fix if it breaks. The risk isn't theoretical — any Salesforce release can introduce behavior changes that break legacy automation, and Salesforce's support obligation for those breakages ended with the sunset.
Org audits in 2026 consistently find two migration risk patterns:
Unmigrated automation in production. Despite the December 2025 deadline, a meaningful portion of organizations still have active Workflow Rules or Process Builder processes. In many cases, the admin team is aware — migration is on the backlog, but the "it's still working" logic prevails. The org continues to process transactions through sunset automation, accumulating migration risk with every Salesforce release.
Partial migrations with hidden dependencies. The more dangerous case is a "completed" migration that left behind hidden dependencies. A Process Builder process was converted to Flow, but the Process Builder was left active. Both automations now fire on the same trigger, doubling email sends or creating duplicate records. Or a Workflow Rule that sent a field update was migrated, but the new Flow uses a different condition than the original — the change was intentional, but the documentation didn't survive the migration.
Find Your Unmigrated Workflow Rules
The Migration Auditor inventories your active Workflow Rules and Process Builder processes, risk-scores them by complexity, and flags partial migrations with potential conflicts.
Run Migration Audit →See also: Salesforce Workflow Rule to Flow Migration: The 5-Step Audit — the complete inventory and sequencing framework.
Org Health Scoring Framework
A single org health score gives you a continuous measure of where your org stands. The framework below is what Luxera Cloud uses to produce scored diagnostic reports. Each category carries a weight that reflects its operational impact — not just its frequency.
| Category | What It Measures | Weight | Target |
|---|---|---|---|
| Field Utilization | % of custom fields with >0% population in trailing 90 days | 20% | >50% utilized |
| Duplicate Rate | % of Contacts and Leads with a probable duplicate | 20% | <5% |
| Automation Health | % of active Flows with fault paths + no DML-in-loops | 20% | >80% clean |
| Rule Conflicts | Validation rules with identified field-level conflicts | 15% | 0 conflicts |
| Migration Risk | Active Workflow Rules or Process Builder processes remaining | 15% | 0 active |
| Permission Hygiene | Permission sets with <5 assigned users or conflicting grants | 10% | <10% orphaned |
Score interpretation:
- 80–100: Healthy org. Maintenance mode — run diagnostics quarterly.
- 60–79: Active debt accumulating. Schedule a remediation sprint.
- 40–59: Operational risk. At least one category is likely causing live problems.
- Below 40: Structural debt. Data quality and automation issues are degrading revenue operations.
The scoring framework intentionally weights duplicate rate and automation health highest because those two categories produce the most visible operational damage. A 15% duplicate rate corrupts pipeline reporting in a way that's visible to every stakeholder. A Flow without a fault path is a ticking silent failure. Field utilization is important but its damage is slower — it degrades performance and admin productivity rather than creating acute failures.
How to Improve Your Score
Each category has a different remediation path. The most effective order is:
- Resolve validation rule conflicts first. These cause live blocking issues. Run the Validation Rule Auditor, identify conflicting rule pairs, and resolve before they surface in production.
- Deduplicate Contact and Lead records. Export, run through the CSV Scanner, and process merges in batches. Getting below 5% duplicate rate cleans up every downstream report and automation that reads those objects.
- Complete the Workflow Rule migration. Any active Workflow Rule or Process Builder process is unresolved technical debt. Inventory, risk-score, and migrate — the Migration Auditor produces the inventory automatically. See the migration guide for the sequencing framework.
- Add fault paths to critical Flows. Don't try to retrofit every Flow at once. Identify Flows that trigger on Opportunity or Account changes and add fault paths there first — that's where silent failures have the highest revenue impact.
- Deprecate unused fields in batches. Run the Field Auditor, export the candidate list, deactivate before deleting, and monitor for 48 hours. Work in objects: Account first, then Contact, then Opportunity.
Why This Matters More in 2026
Data quality has always mattered in Salesforce. What's changed in 2026 is the consequence of getting it wrong.
Every Agentforce agent, every Einstein scoring feature, every custom AI workflow built on Salesforce data is reading your org as it finds it. An AI model trained on a Salesforce org with 60% unused fields, a 12% duplicate rate, and 40 Flows without fault paths doesn't produce worse results because the AI is bad — it produces worse results because the data it's reading is unreliable. The model has no way to distinguish a meaningful empty field from an empty field that signals something important. It treats two duplicate Contacts as two separate people with two separate scores.
The Salesforce Optimizer alternatives have expanded significantly in 2026. The native Optimizer still produces a PDF report that stops short of actually fixing anything. Tools that automate the detection and provide actionable remediation paths — rather than just surfacing findings — are closing the gap between knowing you have a problem and doing something about it.
Cleaning up your Salesforce org is no longer just an admin hygiene practice. It's prerequisite infrastructure for any meaningful AI adoption on the platform.
Run Your Full Org Diagnostic
Eight free tools. No Salesforce credentials required for the initial scan. Most results in under 60 seconds. Founding Member plan: $79/month per org, 14-day free trial, no credit card required.