I found something peculiar with the way our LDAP user import was set up (or at least I felt it was a bit peculiar). We have never synched our ServiceNow users’ statuses (active/locked out) with the associated status in active directory. This rarely came up until I was asked to create a unique notification report for HR that required the knowledge if a user was active or not. This is my saga to find a way to ensure the users’ statuses in ServiceNow matched their status in active directory.
The back story (Note this was all done in our dev environment using an update set first [just in case you imagined I was doing this the fast way – directly in production.]):