Userify Enterprise: How Disabled/Locked Out Users in Active Directory Are Handled
Applies to: Active Directory and LDAP
When a user account is locked out (via timestamp) or disabled (bitmask) in your Enterprise Directory, Userify flips a disabled flag in the associated Userify account. (This flag is kept in sync and automatically unset when the account is returned to normal status.)
When disabled, the user's account can still be managed in the Userify dashboard, and permissions can be granted or revoked just as when the account is fully functioning, except that those changes do not take place until the account is fixed.
Disabled and locked out user accounts:
- Are removed from all servers including home directories, etc. (restorable)
- The user cannot log into any servers
- Any scripts or daemons owned by that user are terminated.
When re-enabled (un-disabled or unlocked), server user accounts and access are restored (including home directories) across all servers that the user has access to.