Currently task "Synchronize external security groups" flags all non-existant users with a warning/error. This is the case even if the user has been disabled. the check should do either: Ignore user if disabled and not in "AD" or report error if user exists in "AD" but is disabled in octopus.