Solved

Disable Windows Account For User Already Logged In

Posted on 2014-04-02
4
351 Views
Last Modified: 2015-03-24
In AD, what's the behavior when a user account is disabled but still logged in?  Will the user still be able to access domain resources, e.g., files, Outlook etc until the user is logged off?
0
Comment
Question by:bsohn417
  • 2
4 Comments
 
LVL 2

Expert Comment

by:YoursJitu
ID: 39972119
No system will not allow it to access.

When your account is even locked out and if you trying to access any of the shared drives or outlook or trying to execute any active directory users and computers window you will get the error message. System may allow you to log on to the system due to cached password but resources which are online like outlook or file share will not work.
0
 
LVL 8

Accepted Solution

by:
Lee Ingalls earned 250 total points
ID: 39972204
I've found in a MS Server 2008 r2 AD domain user account that has been disabled; the active login retains access to the resources until logged out. From the server you can close open files and disconnect or force logoff.

I just tested to verify... the Windows 7 Client logged into domain\test1 retained access to shares and mapped drives. After account had been disabled in the AD; the user stilled logged in, but no AD/network resources were available.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 39976012
If I am not completely mistaken, this is what the Kerberos ticket lifetime is about. He will have access until his ticket expires.
Ticket lifetime can be adjusted, but not after he got it.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39976128
Oh, and even when his ticket expires, he will still be able to access resources he was on in this session. But he won't be able to connect to new resources.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question