No announcement yet.

user accuntaccess after disable - windows2003?

  • Filter
  • Time
  • Show
Clear All
new posts

  • user accuntaccess after disable - windows2003?

    I have a Windows2003 ActiveDirectory (AD).
    AD is *NOT* used as the workstation desktop login (instead Novell NDS is used).
    AD is used for group membership. Groups are used by applications to determine application access.

    Question one:
    If I disable a user in AD, does that *ONLY* disable login from a workstation (which is not used in my case) or does disabling also prevent other privileges.?
    If my account is disabled do I still have domain privileges. Can I access a shared folder? Can I print to a printer?

    Question two:
    If I DISABLE a user in AD, and the application tests the AD group for user account membership, will that test return true? Or will that test return false because even though the user is a member, their account is disabled?

  • #2
    If user account is disabled, any access for this account is disabled: no logons/shares/printers/etc... nothing...

    Yet you can always check the group membership (even of a disabled account) by looking at the memberOf attribute of the user object.

    What method does your application use for group membership checks ?
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"