I didn't find this in a search here so i'll ask and please direct me to the post if this has been answered.

My portal is using AD authentication just fine except when I remove a user from AD - they can still log into the portal is this intended is there a way to remove them or unauthorize them if they try to login and AD doesnt find them anymore?

Some thoughts....

1. If the user originally had a DNN account & password BEFORE you turned on AD, then it seems that the use still knows their old password and therefore is simply logging in under forms authentication.
2. AD authentication would have generated a random password for each user and then use the AD password for authentication.  Since the password would differ, then #1 could not occur.

I am guessing that #1 is the case and, if so, we (the community) needs to do a couple tests to see what occurs under different configurations...

mikez

Good points!

1. No new portal no previous accounts except host and admin.  Set up the portal went to my machine booted up went to the site and I was automatically logged in and the account was created.  Closed the browser went to AD and deleted the account I had used.  Went back to the machine logged in on different account logged out of the portal and tried to login as the deleted user.  Was able to login as the deleted user - logged in as host and the account is there and active.  The AD part seems to assign all the info from AD to the created portal account including the password. There seems to be no mechinism to deavate accounts if they are removed from AD.

Is this how it should be ??

I was never able to get the LDAP part to say it worked but the accounts seem to be created in the portal just fine - it could be possible there is something misconfigured so maybe people could give me an idea or two on things to check