When an Active Directory account is disabled can the account still operate

Posted on 2007-10-12
Last Modified: 2013-12-04
Major screw up by our HR dept on a terminated employee, the employee was said to left the building but didn't, IT locked down account by disabling Active Directory account

Later we realized that the employee was logged into their workstation at the same time the AD was disabled.

Now for Domain Admins some accounts used in multiple server settings get locked out but you do not realized they are locked out until trying to make a new connection.

Question is this, if you disable or lock an AD account while the account is logged onto the network does the disable/lock out become effective only once the current session is terminated?
Question by:PROJHOPE
    1 Comment
    LVL 4

    Accepted Solution

    The disable account becomes effective immediately.
    Access to network  and server specific resources will no longer
    be available to the logged in user, however, access to resources
    available to 'Everyone' will still be accessible, such as running
    network programs and usually printing.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    In a recent article here at Experts Exchange (, I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now