You've opened this thread under ZD, so I assume you have one... Currently I don't have a ZD in front of my eyes, but it definitely can be set under WLAN settings, and there you can set the max number of PSKs per user.
You already mentioned AD authentication, so why do you need usernames and handouts? I don't get this; you can use DPSK generation dynamically with AD (or any) authentication service.
The authentication itself will be successful; however, the system will not generate a DPSK, and therefore the user will not be able to join.
Please find the vendor's recommendation on this topic:
• Every device on the WLAN has its own unique Dynamic PSK (DPSK) that is valid for that device only.
• Each DPSK is bound to the MAC address of an authorized device - even if that PSK is shared with another user, it will not work for any other machine.
• Since each device has its own DPSK, you can also associate a user (or device) name with each key for easy reference.
• Each DPSK may also have an expiration date - after that date, the key is no longer valid and will not work.
• DPSKs can be created and removed without impacting any other device on the WLAN.
• Limit DPSK: By default each authenticated user can generate multiple DPSKs. Select this option to limit the number of DPSKs each user can generate (1-4).