When an Active Directory object is disabled, it means that the object cannot be used and its services and credentials are inaccessible. A disabled object may still exist in the directory, but it is no longer active.
To understand the full implications of an object that is disabled, consider the following steps:
- Understand the hierarchy of the network
- Understand the different types of objects in the Active Directory
- Determine the types of objects that can be disabled
- Identify the impact and implications of the disabled objects
- Devise a plan to ensure that the disabled objects do not become a security risk