Hello, I'm of the view that a user interface that provides a control to mark an account disabled, it is unreasonable to expect an administrator to know it doesn't do anything.
It's interesting to note that an experienced user started the topic by asking a similar question, so if it can fool the experienced, it needs addressing. To put this into context, if I use the Active Directory Users and Groups tool, I can view a disable a user by selecting disable (or whatever the option may be). The same is true for other user management tools, so an administrator would and should and expect the same from AR System. With that in mind, I've added some new functionality to SSO Plugin version 3.3 to deny SSO access for a user who's entry is marked disabled and perform one of two actions: Display an informative message suggesting they contact the service desk, or raise an incident in BMC ITSM Incident. Some of the best functionality comes from user feedback, and thank you to those who have contributed to this thread. John Baker -- Single Sign On for the AR System http://www.javasystemsolutions.com/jss/ssoplugin _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"