000037327 - Active Directory Account Data Collector (ADC) incorrectly collects null value for PwdLastSet as date 9999-12-31 in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Apr 10, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037327
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1
If the PwdLastSet attribute in Microsoft Active Directory (AD) is null, RSA Identity Governance & Lifecycle's AD Account Data Collector (ADC) incorrectly collects the value as the date 9999-12-31 with a time value that represents the time of the last collection.

For example, the PwdLastSet attribute may be collected as 9999-12-31 12:45:50.   Since the time portion of the attribute may change between subsequent collections this may incorrectly cause the Account to be marked as Changed even though there was not change to the collected values. 
User-added image
CauseThe date calculation for PwdLastSet is being done incorrectly.   Other date attributes should not exhibit this issue.

This issue is resolved in the following patches.

  • RSA Identity Governance & Lifecycle 7.1.0 P07
  • RSA Identity Governance & Lifecycle 7.1.1 P02
  • RSA Identity Governance & Lifecycle 7.1.2 GA
NotesA zero value is an allowed value for PwdLastSet that indicates the users password has never been set.