What happens if a user is deactivated in Active Directory (AD)?

When a user is deactivated in Active Directory (AD), the synchronization mechanism between AD and Okta ensures that this change is reflected in Okta's Universal Directory. Specifically, when a user is deactivated in AD, Okta will automatically deactivate that user as well, maintaining consistency across systems. This integration allows organizations to manage user lifecycle events efficiently, ensuring that once a user's account is disabled in the authoritative source (AD), their access in other connected applications, including those managed through Okta, is also revoked. This functionality helps improve security by preventing access by users who no longer have an active status in the organization's directory services.

Additionally, the other options do not accurately represent the operational behavior of Okta in relation to Active Directory deactivations. For instance, Okta does not retain user access without changes when the user is deactivated in AD, nor does it send an alert to the user about their deactivation. Reactivation of users is not automatic and requires explicit action, so that option also does not apply. The primary takeaway is that changes in AD are mirrored in Okta to ensure that security and access controls are consistently maintained.