A New Account Is Created When a Disabled User Logs in Using AD
book
Article ID: 285148
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
After setting an Active Directory user as disabled, a new enabled user account is created after they authenticate.
Environment
- CB Protection Console: All Supported Versions
- Microsoft Active Directory: All Versions
Cause
This is currently the expected behavior. However, our developers are looking into a potential change in an upcoming release.
Resolution
Our developers are considering a change to this behavior on internal ticket EP-8877.
We currently recommend:
- Removing the user from CB Protection related groups in Active Directory.
- Setting the default [all others] User Role Mappings to None.
Feedback
thumb_up
Yes
thumb_down
No