Deactivate disabled AD-Users in Mattermost

I am pretty sure that when I tested Mattermost about 2 Years ago user accounts in Mattermost were automatically disabled as soon as a AD Account was disabled. Since you might have guessed already we are using mattermost with ad login. As it usually happens employees leave the company and their ad accounts get deactivated and eventually deleted. But we noticed that their MM accounts live on and wont get set to the state “inactive”. Is there a way to disable users automatically when the ad login is no longer available? As you can imagine it is pretty annoying that these users keep up using licenses even though they dont work for us anymore. I know that you could disable them manually or even in the Database but that seems tedious.

Hi @Gunny,

Here is more information on deactivating users: https://docs.mattermost.com/deployment/sso-ldap.html#how-does-deactivating-users-work. Let me know if this doesn’t help and we’ll continue to investigate this.

Thanks! Adding " (&(objectCategory=Person)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))" to the user filter did the trick.

1 Like