From e018ca3e29cd5f0d3a362a3d4a3749c4893f44c6 Mon Sep 17 00:00:00 2001
From: lounsbrough
Date: Thu, 24 Oct 2019 14:43:16 -0500
Subject: [PATCH] KEYCLOAK-11802 Simplifying logic for determining disabled status (#6416)
* KEYCLOAK-11802 Simplifying logic for determining disabled status
---
 .../msad/MSADUserAccountControlStorageMapper.java | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
index efc0f0bc65e..8b7a8916e87 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
@@ -218,14 +218,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
 @Override
 public boolean isEnabled() {
 boolean kcEnabled = super.isEnabled();
-
- if (getPwdLastSet() > 0) {
- // Merge KC and MSAD
- return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
- } else {
- // If new MSAD user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
- return kcEnabled;
- }
+ return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
 }
 @Override
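Review bot: The one-line `return` in `isEnabled()` now lets ACCOUNTDISABLE decide for accounts whose pwdLastSet is 0, but the removed comment said a freshly created MSAD account is in exactly that disabled state, so such a user will report disabled in Keycloak until the flag is cleared. That is the safer default, since a directory-disabled account can no longer read as enabled. Any path that consults `isEnabled()` before clearing the flag (for example a first password set, which is not visible in this hunk) should still be checked, and a test covering the pwdLastSet == 0 case added. I would also record the intent above the return: `// ACCOUNTDISABLE in MSAD is authoritative regardless of pwdLastSet; a directory-disabled account must never read as enabled.`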