Disabled user accounts are still showing up in the output of 'adquery user'. Why is this the case?
All versions of Centrify DirectControl on all supported platforms
We recently disabled a user in Active Directory, however this user still shows up when running 'adquery user' on a UNIX host in the environment. Why is this the case?
Disabling user accounts in Active Directory will not remove the user Centrify profile(s), as these profiles are contained within the corresponding serviceConnectionPoint (SCP) objects in AD, rather than the user object itself. It should be noted, however, that even though the user's show up when executing 'adquery user', this does not mean they will have access to login. Users with disabled accounts will not be able to log in to Linux / UNIX systems.
If you would like to remove users from the output of the adquery command, please remove the user profile from AD using Access Manager or through PowerShell / adedit scripts.