NOTE: The following behavior can only be observed if, in the "Domain Pair" properties, the "Skip Objects", "Disabled Accounts" option is unchecked. If this checkbox is checked, the product ignores disabled accounts completely.
The following applies to a SYNCHRONIZATION JOB performed Source to Target ("One Way Synchronization"):
1. If an account is created by the Directory Synchronization Agent (DSA) and the source account is disabled, the DSA creates the target AD object disabled, regardless of whether the "Disable Target Accounts" checkbox in the source scope is checked. This applies whether you run a Full Resynchronization or the synchronization is in a Delta Sync state. This sets "MsExchMasterAccountSID" on the target AD object to point to the source AD object.
This is explained in the following article:
Setting AEA (MSExchMasterAccountSID) on an object
2. If a target account already exists (not created by the DSA, only merged) and the source account is disabled, the DSA will NOT disable the target account, whether or not the "Disable Target Accounts" checkbox in the source scope is checked. This is true during a Delta or Full Resynchronization.
The following applies to a SYNCHRONIZATION JOB performed Target to Source ("Two Way Synchronization"):
1. If the account is being created in the Source Domain by the synchronization, the Source account will be created disabled, regardless of whether the Target account is enabled or disabled. NOTE: There is no checkbox to "Disable Source Accounts" as there is for the Source Scope handling of objects. This is true during a Delta or Full Resynchronization.
2. If the source account already exists (not created by the DSA, only merged) and the target account is disabled, the DSA will NOT disable the source account. This is true during a Delta or a Resynchronization.
The following applies to a Migration session used to migrate and create and/or merge an AD object. (This, of course, is only supported Source to Target, with objects NOT in Directory Synchronization Scope at this time.)
1. Migration session of a disabled source account (to create the target account) with both options, "Enable Target Account" and "Disable Source Account", unchecked: the object comes over to the target as DISABLED.
2. Migration session of a disabled source account with "Enable Target Account" checked and "Disable Source Account" unchecked: the object is re-migrated over to the target as ENABLED. The source object remains disabled.
3. Migration session of a disabled source account merged with an enabled target account, with "Enable Target Account" unchecked and "Disable Source Account" unchecked: as one would expect, the AD object is merged, the target object remains ENABLED, and the source object remains DISABLED.
4. Migration session of a disabled source account where the target account already exists (not created by the DSA, only merged): the DSA will NOT disable the target account, whether the "Enable" checkbox is checked or unchecked. The presumption is that the target account is being used, as it is enabled.
If we think about the above scenarios, it absolutely makes sense that the product would function this way, as you would not want to disable an active user account.
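An added example, not part of the original article or of the product: a PowerShell function that lists matched accounts whose enabled state differs between source and target, so merged target accounts that stayed enabled while the source is disabled can be reviewed after a synchronization or migration. Matching by sAMAccountName, the function name Compare-AccountState, the server names and the sample accounts are assumptions.

```powershell
# Added example. Input objects need SamAccountName, Enabled, SID (source side)
# and msExchMasterAccountSid (target side). With the ActiveDirectory module
# (server names are placeholders):
#   $src = Get-ADUser -Filter * -Server 'source.example'
#   $tgt = Get-ADUser -Filter * -Server 'target.example' -Properties msExchMasterAccountSid
function Compare-AccountState {
    param(
        [Parameter(Mandatory)] [object[]] $SourceUsers,
        [Parameter(Mandatory)] [object[]] $TargetUsers
    )
    # Assumption: counterparts share sAMAccountName; adjust to your matching rule.
    $targetByName = @{}
    foreach ($t in $TargetUsers) { $targetByName[$t.SamAccountName] = $t }

    foreach ($s in $SourceUsers) {
        $t = $targetByName[$s.SamAccountName]
        if ($null -eq $t) { continue }   # no counterpart in the target domain
        # True only when the target attribute is set and equals the source SID.
        $linked = [bool]$t.msExchMasterAccountSid -and
                  ("$($t.msExchMasterAccountSid)" -eq "$($s.SID)")
        if (-not $s.Enabled -and $t.Enabled) {
            $finding = 'REVIEW: source disabled, target enabled'
        } elseif ($s.Enabled -and -not $t.Enabled) {
            $finding = 'Source enabled, target disabled'
        } else {
            $finding = 'States match'
        }
        [pscustomobject]@{
            SamAccountName = $s.SamAccountName
            SourceEnabled  = $s.Enabled
            TargetEnabled  = $t.Enabled
            LinkedBySid    = $linked
            Finding        = $finding
        }
    }
}

# Constructed sample data (not from a real directory).
$src = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   Enabled = $false; SID = 'S-1-5-21-1-2-3-1101' }
    [pscustomobject]@{ SamAccountName = 'asmith'; Enabled = $false; SID = 'S-1-5-21-1-2-3-1102' }
    [pscustomobject]@{ SamAccountName = 'bjones'; Enabled = $true;  SID = 'S-1-5-21-1-2-3-1103' }
)
$tgt = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   Enabled = $true;  msExchMasterAccountSid = $null }
    [pscustomobject]@{ SamAccountName = 'asmith'; Enabled = $false; msExchMasterAccountSid = 'S-1-5-21-1-2-3-1102' }
    [pscustomobject]@{ SamAccountName = 'bjones'; Enabled = $true;  msExchMasterAccountSid = $null }
)
Compare-AccountState -SourceUsers $src -TargetUsers $tgt | Format-Table -AutoSize
```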