Solved

Disable Windows Account For User Already Logged In

Posted on 2014-04-02
4
306 Views
Last Modified: 2015-03-24
In AD, what's the behavior when a user account is disabled but still logged in?  Will the user still be able to access domain resources, e.g., files, Outlook etc until the user is logged off?
0
Comment
Question by:bsohn417
  • 2
4 Comments
 
LVL 2

Expert Comment

by:YoursJitu
ID: 39972119
No system will not allow it to access.

When your account is even locked out and if you trying to access any of the shared drives or outlook or trying to execute any active directory users and computers window you will get the error message. System may allow you to log on to the system due to cached password but resources which are online like outlook or file share will not work.
0
 
LVL 7

Accepted Solution

by:
Lee Ingalls earned 250 total points
ID: 39972204
I've found in a MS Server 2008 r2 AD domain user account that has been disabled; the active login retains access to the resources until logged out. From the server you can close open files and disconnect or force logoff.

I just tested to verify... the Windows 7 Client logged into domain\test1 retained access to shares and mapped drives. After account had been disabled in the AD; the user stilled logged in, but no AD/network resources were available.
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 39976012
If I am not completely mistaken, this is what the Kerberos ticket lifetime is about. He will have access until his ticket expires.
Ticket lifetime can be adjusted, but not after he got it.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39976128
Oh, and even when his ticket expires, he will still be able to access resources he was on in this session. But he won't be able to connect to new resources.
0

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now