For those of you who do not know, about 99% of your logins to Lync are done via a certificate the Lync Front End provides you. The reasons for why this is the default way is a topic for another blog post. Since I just told you that 99% of your logins to lync are certificate based, how does this impact a company for a user who just got abruptly fired and their AD account disabled?
The answer is, the users AD account being disabled does NOTHING to prevent a user from logging into lync should they already have a valid certificate. Which leads me to my next question?