A New Account Is Created When a Disabled User Logs in Using AD
search cancel

A New Account Is Created When a Disabled User Logs in Using AD

book

Article ID: 285148

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

After setting an Active Directory user as disabled, a new enabled user account is created after they authenticate.

Environment

  • CB Protection Console: All Supported Versions
  • Microsoft Active Directory: All Versions

Cause

This is currently the expected behavior. However, our developers are looking into a potential change in an upcoming release.

Resolution

Our developers are considering a change to this behavior on internal ticket EP-8877.

We currently recommend:
  1. Removing the user from CB Protection related groups in Active Directory. 
  2. Setting the default [all others] User Role Mappings to None.