We recently identified that our Pulse Secure is allowing locked/disabled AD accounts to connect to VPN. We use certificate authentication, and Pulse validates the cert and allows users to connect even if the user account is locked out or disabled. We wrote a custom expression rule in Pulse to check the status of the account in AD and block any user whose account is locked/disabled by assigning no role.

userAttr.lockouttime != 0 - Worked as expected.

userAttr.msDS-UserAccountDisabled != 0 --> Disabled user account can still connect to VPN.

Please suggest. Thanks in advance.

Version: 9.0R4.1 - PSA7000c.
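An added illustration, not part of the original post and not Pulse Secure expression syntax: on AD DS the disabled state of a user object is the ACCOUNTDISABLE bit (0x2) of `userAccountControl`, so the locked/disabled decision can be evaluated from `userAccountControl` and `lockoutTime` as follows. It assumes the directory is AD DS and that attribute values arrive as strings or one-element lists; the function names and sample entries are constructed for the example.

```python
# Added example: hypothetical helper names, constructed attribute values.
UF_ACCOUNTDISABLE = 0x0002  # userAccountControl flag set on a disabled account


def _as_int(attrs, name, default=None):
    """Return an LDAP attribute as int; `default` if absent or empty.

    Raises ValueError/TypeError if a value is present but not numeric.
    """
    value = attrs.get(name)
    if isinstance(value, (list, tuple)):
        value = value[0] if value else None
    return default if value is None else int(value)


def account_state(attrs):
    """Classify a user entry as 'disabled', 'locked', 'active' or 'unknown'."""
    try:
        uac = _as_int(attrs, "userAccountControl")
        lockout = _as_int(attrs, "lockoutTime", 0)
    except (TypeError, ValueError):
        return "unknown"
    if uac is None:
        return "unknown"  # cannot prove the account is enabled
    if uac & UF_ACCOUNTDISABLE:
        return "disabled"
    # Any non-zero lockoutTime is treated as locked, as in the rule above.
    if lockout != 0:
        return "locked"
    return "active"


def allow_vpn_role(attrs):
    """Fail closed: only an entry positively classified as active gets a role."""
    return account_state(attrs) == "active"


# Constructed sample entries (512 = normal account, 514 = 512 | 0x2).
SAMPLES = {
    "enabled": {"userAccountControl": "512", "lockoutTime": "0"},
    "disabled": {"userAccountControl": ["514"], "lockoutTime": ["0"]},
    "locked": {"userAccountControl": "512", "lockoutTime": "132000000000000000"},
    "attr_missing": {"lockoutTime": "0"},
}

if __name__ == "__main__":
    for label, entry in SAMPLES.items():
        print(label, account_state(entry), allow_vpn_role(entry))
```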