Steps to reproduce (tested in Crowd 3.2.0)

1. Create two internal directories, Directory1 and Directory2
2. Create two users in Directory1: "USER1" and "user2"
3. Create two users in Directory2: "user1" and "user2"
4. Create an application
5. Add Directory1 and Directory2 to the application, in that order, and set both to "Allow all groups to authenticate"
6. Go to Crowd Admin > Licensing, and recalculate user total
7. It will show you as Three active users (default admin account + "USER1" and "user2")
8. Now, inactive "USER1" and recalculate user total
    

   Expected behavior

Current user count should be "2" (default admin account + "user2")

Actual behavior

Current user count shows "3" (default admin account + "user1" + "user2"). According to Effective memberships with multiple directories states the following:

Inactive users

The membership schemes described above are not used when Crowd determines if a user should be able to authenticate.

Crowd only checks if the user is active in the first (highest priority) directory in which they are found when determining authentication.

For example, an application in Crowd is mapped to two directories: Crowd Internal Directory (primary) and an AD Delegated Authentication Directory (secondary).

User A is inactive in the primary directory
User A is active in secondary directory

Result: Crowd rejects access (authentication), because user A is first found in the primary directory, and the user is inactive there.

Since CWD-5025 - Duplicated users are counted twice in license if the username letter casing does not match is fixed in Crowd 3.2.0, the situation described above should not happen.