Policy Server used to stop processing authentication against other User
Stores once a disabled-user status was returned. This behavior can now
be changed by setting a new registry setting, 'ReturnOnDisabledUser'.

IMPORTANT: This article contains information about modifying the
registry.
Before modifying the registry, make sure to create a backup of the
registry and ensure that you understand how to restore the registry if
a problem occurs.
For information about how to back up, restore, and edit the registry,
please review the relevant Microsoft Knowledge Base articles on
support.microsoft.com.

A registry setting, 'ReturnOnDisabledUser', has been added. It decides
whether Policy Server continues to process authentication against
other user stores when it hits a disabled user.

Add the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer\ReturnOnDisabledUser = 1
ReturnOnDisabledUser = 0x1; REG_DWORD

ReturnOnDisabledUser = 1:
On finding the user disabled in the first User Store, Policy Server
does not look into the other configured user directories (UDs) and
declares the user "Not Authenticated".

ReturnOnDisabledUser = 0:
If the user is found disabled, Policy Server continues to look
through the other configured User Stores and marks the status as
"Not Authenticated" only if the user is disabled in all User Stores.

This applies to LDAP User Stores, from SiteMinder Policy Server
12SP2CR1 onwards.
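
The backup-then-set procedure described above, as an added PowerShell example (not vendor code). The parameter names and the backup directory are assumptions; the key path and value name are the ones given in this article.

```powershell
# Added example: back up the PolicyServer key, then enforce ReturnOnDisabledUser.
# Run from an elevated PowerShell session on the Policy Server host.
param(
    [ValidateRange(0, 1)] [int] $Desired = 1,   # 1 = stop at first disabled hit, 0 = keep searching
    [string] $BackupDir = $env:TEMP             # assumed backup location
)
$KeyPath = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer'
$RegKey  = $KeyPath -replace '^HKLM:', 'HKLM'   # form expected by reg.exe
$Name    = 'ReturnOnDisabledUser'
$Meaning = @{
    0 = 'continue to other User Stores; Not Authenticated only if disabled in all'
    1 = 'stop at the first User Store that reports the user disabled'
}

if (-not (Test-Path $KeyPath)) { throw "Registry key not found: $KeyPath" }

# 1. Export the key first; refuse to modify anything if the backup fails.
$backup = Join-Path $BackupDir ('PolicyServer-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $RegKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg export failed; registry left unchanged' }
Write-Output "Backup written to $backup"

# 2. Report the current state, including a value stored with the wrong type.
$key    = Get-Item -Path $KeyPath
$exists = $key.GetValueNames() -contains $Name
if ($exists) {
    $current = $key.GetValue($Name)
    $kind    = $key.GetValueKind($Name)
    Write-Output "$Name = $current ($kind): $($Meaning[[int]$current])"
} else {
    Write-Output "$Name is not set"
}

# 3. Write the value only when it is missing, different, or not a REG_DWORD.
if (-not $exists -or $kind -ne 'DWord' -or [int]$current -ne $Desired) {
    New-ItemProperty -Path $KeyPath -Name $Name -PropertyType DWord `
        -Value $Desired -Force | Out-Null
}

# 4. Read back and confirm both the data and the type.
$key = Get-Item -Path $KeyPath
if ($key.GetValue($Name) -ne $Desired -or $key.GetValueKind($Name) -ne 'DWord') {
    throw "$Name was not set as expected; restore from $backup if needed"
}
Write-Output "$Name = $Desired (DWord): $($Meaning[$Desired])"
```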