SyferLock Help Center

Ignoring Disabled Users in Active Directory

Denying user the ability to register and login via GridGuard is a key component of user security. Ignoring disabled users also allows you to reduce the number GridGuard licenses that are being consumed. This document describes how GridGuard can be configured to ignore disabled users.

  1. Login in to the Administration & Configuration Console. (https://{gridserver}:8443/admin)
  2. Navigate to the Server Definition object that points to your Active Directory server(s).  
  3. Locate the "User Query" field
  4. The "User Query" field will look most likely look something like this: (&(objectClass=user)(sAMAccountName=?))
  5. Change the value of the field to: (&(objectClass=user)(sAMAccountName=?)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))
  6. Save the Config.  

If you want to remove any existing users that are disabled, run the "Purge Inactive Users" option under "License & User Management" menu.  This will remove all users who are missing or disabled in Active Directory.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk