Discussion

Feature Request - Do not assign licenses to disabled AD users

Directory Server

Updated March 10, 2021

posted on March 8, 2021

It seems that Directory Server Identity Providers Sync will even create accounts and assign licenses for Disabled users. It would probably be best to not have a license assigned to a disabled AD user, at the very least, as they would never be able to use it.

It is common for IT to disable a user at the AD level instead of deleting a user, this way if they return, they can enable the user and accounts/licenses will be assigned again in all systems.

0 0

Comments 5
Follow-Ups 0

replied on March 10, 2021

Hi Chad,

When a user is disabled in AD, LFDS should revoke their license and disable their account in LFDS. Is "Exempt from synchronization rules" enabled for the affected users in LFDS?

0 0

replied on March 8, 2021

It might be your version of LFDS. We're using 10.4.5 and licenses are removed from users disabled in AD and when the user is deleted from AD it is also removed from LFDS.

0 0

replied on March 8, 2021

This one is running on 10.4.5.623

0 0

replied on March 8, 2021

We're running the same version and ours is working, weird. There's no other options to control that behavior.

0 0

replied on March 8, 2021

I looked over the options and there isn't really anything to change. Just the group and which license is assigned. I also made sure it is successfully syncing.

They are finding both the account exists AND the license is still assigned. Could be differences in AD versions.

0 0

You are not allowed to follow up in this post.

Discussion

Discussion

Feature Request - Do not assign licenses to disabled AD users

Comments 5

Follow-Ups 0

Sign in to reply to this post.