JSI Tip 5794. You disabled an account in Active Directory but the user can still logon?

After you right-click a user in Active Directory Users and Computers and press Disable Account, you find that the user can still logon.

If you have multiple domain controllers, and the user is authenticated by a domain controller that you did NOT make the change on, this condition will exist.

When you disable an account, urgent replication is NOT triggered.

NOTE: This condition is also true when you disable the account using the command line:

net user <UserName> /active:no /domain

To workaround this condition, after you disable the account, use Reset Password.

NOTE: To disable the account using the command line:

net user <UserName> /active:no /domain
net user <UserName> <NewPassword> /domain



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish