If you have configured Nexus to authenticate using Active Directory, and you are making use of the User Token feature in Nexus professional you will find that users will still be able to access the server using their user tokens even if you have disabled their Active Directory accounts.
Of course you can work around this by editing the user in Nexus and clicking on "reset token". However, there is a better way to prevent this.
Go to "security/ldap", click on the "user & group settings" tab.
Then set the "user filter" field as follows:
This will prevent disabled users from showing up in LDAP search results. And user tokens will not work for users that cannot be found in any configured security realm.
Note that the above configuration will only work for Active Directory.
For reference: http://support.microsoft.com/kb/269181