The "Match disabled Active Directory users" option in Encryption Management Server matches users from all Active Directory security groups


Article ID: 184240


Updated On:


Encryption Management Server Gateway Email Encryption


Encryption Management Server can assign users to groups using Directory Synchronization. One of the most frequently used options is to match users against membership of a specific Active Directory Security group using the memberOf attribute:

Match consumers via Directory Synchronization


However, unexpected results occur if the Match disabled Active Directory users and the If any of the following apply options are combined:

If these two options are combined, not only are the users in a specific Active Directory security group matched but in addition, all disabled Active Directory users are matched, no matter what Active Directory security group they are in.


Do not combine these options:

  1. If any of the following apply
  2. Match disabled Active Directory users

Disabled Active Directory users will be matched without the Match disabled Active Directory users option being selected.