Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000038108 - UserAccountControl (UAC) attribute PASSWD_CANT_CHANGE is not updated by the Active Directory AFX Connector in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support

on Nov 15, 2019

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000038108
Applies To	RSA Product Set: Identity Governance & Lifecycle RSA Version/Condition: 6.x, 7.1.0
Issue	When modifying the UserAccountControl (UAC) attribute value in Active Directory (AD) so that a user cannot change their password, the update fails to occur. The property flag, PASSWD_CANT_CHANGE, is being passed to the AD AFX Connector but the UAC value is not updated in AD.
Cause	This is a known issue reported in engineering ticket ACM-71014. The property flag PASSWD_CANT_CHANGE cannot be changed by directly modifying the UAC attribute. See How to use the UserAccountControl flags to manipulate user account properties for more information.
Resolution	Engineering made some code changes to enhance the product functionality and allow the UAC to be updated with an AD AFX connector using the PASSWD_CANT_CHANGE property flag. This enhancement is in RSA Identity Governance & Lifecycle versions: RSA Identity Governance & Lifecycle 7.1.0 P02 RSA Identity Governance & Lifecycle 7.1.1 For more information on updating the UAC attribute in AD, please see RSA Knowledge Base Article 000032426 -- How to update the Active Directory UserAccountConrol (UAC) attribute with the Active Directory AFX connector in RSA Identity Governance & Lifecycle

Attachments

Outcomes

0 Comments

Recommended Content