0 Votes
brenji asked LimitlessTechnology-2700 answered

Block Azure/O365 login if AD account is disabled via AD Connect

I noticed that when accounts are disabled in AD, AD Connect does not sync this attribute and block sign-in to Azure/O365. Is it possible to sync this attribute to automate this?

Thank you,

Ryan

windows-active-directory azure-ad-connect

1 Vote
michev answered

That's not the default behavior; accounts disabled on-premises will have the corresponding BlockCredentials flag toggled in Azure AD too. If that's not what you are seeing, check your sync rules. Or do you perhaps mean "locked" accounts?
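
Added example, not part of michev's answer or of the thread: a PowerShell check that lists accounts disabled on-premises whose synced cloud object can still sign in, which is the mismatch the question describes. It assumes the ActiveDirectory and Microsoft.Graph.Users modules, that the cloud-side block is read as `accountEnabled = false` in Microsoft Graph, and that the sync's sourceAnchor is ms-DS-ConsistencyGuid or objectGUID; `Get-SourceAnchor` is a helper name introduced here.

```powershell
# Added example, not from the thread. Run where the ActiveDirectory and
# Microsoft.Graph.Users modules are installed, with read access to both sides.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

function Get-SourceAnchor {
    param([Parameter(Mandatory)] $AdUser)
    # Assumption: the sync uses ms-DS-ConsistencyGuid as sourceAnchor when it is
    # populated and objectGUID otherwise; adjust if your anchor is custom.
    $bytes = $AdUser.'mS-DS-ConsistencyGuid'
    if (-not $bytes) { $bytes = $AdUser.ObjectGUID.ToByteArray() }
    [Convert]::ToBase64String([byte[]]$bytes)
}

# Every account that is disabled on-premises.
$disabled = Get-ADUser -Filter 'Enabled -eq $false' -Properties 'mS-DS-ConsistencyGuid'

$report = foreach ($u in $disabled) {
    $anchor = Get-SourceAnchor -AdUser $u
    # Match on the immutable ID rather than the UPN, which can differ in the cloud.
    $cloud = Get-MgUser -Filter "onPremisesImmutableId eq '$anchor'" `
        -Property Id, UserPrincipalName, AccountEnabled, OnPremisesLastSyncDateTime

    if (-not $cloud) {
        $status = 'NotSynced'              # outside sync scope, e.g. built-in accounts
    } elseif ($cloud.AccountEnabled) {
        $status = 'StillEnabledInCloud'    # disabled on-premises, sign-in still allowed
    } else {
        $status = 'Blocked'                # expected result of the default sync
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CloudUPN       = $cloud.UserPrincipalName
        Status         = $status
        LastSync       = $cloud.OnPremisesLastSyncDateTime
    }
}

# Rows here contradict the expected behaviour and point at a sync-rule or scoping problem.
$report | Where-Object Status -eq 'StillEnabledInCloud' | Format-Table -AutoSize
```

A `LastSync` value older than the time the account was disabled means the change has not been exported yet rather than that a sync rule is missing.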


0 Votes
LimitlessTechnology-2700 answered

Hi there,

If a synced directory user account is disabled in Azure or Active Directory, the user will be disabled in Duo automatically when the next directory sync occurs. This is by design, and I suppose you cannot automate this.

