|Applies To||RSA Product Set: Identity Governance & Lifecycle|
RSA Version/Condition: 6.x, 7.1.0
|Issue||When modifying the UserAccountControl (UAC) attribute value in Active Directory (AD) so that a user cannot change their password, the update fails to occur. The property flag, PASSWD_CANT_CHANGE, is being passed to the AD AFX Connector but the UAC value is not updated in AD.|
|Cause||This is a known issue reported in engineering ticket ACM-71014.|
The property flag PASSWD_CANT_CHANGE cannot be changed by directly modifying the UAC attribute. See How to use the UserAccountControl flags to manipulate user account properties for more information.
|Resolution||Engineering made some code changes to enhance the product functionality and allow the UAC to be updated with an AD AFX connector using the PASSWD_CANT_CHANGE property flag. This enhancement is in RSA Identity Governance & Lifecycle versions:|