Article Content
Article Number | 000038108 |
Applies To | RSA Product Set: Identity Governance & Lifecycle RSA Version/Condition: 6.x, 7.1.0 |
Issue | When modifying the UserAccountControl (UAC) attribute value in Active Directory (AD) so that a user cannot change their password, the update fails to occur. The property flag, PASSWD_CANT_CHANGE, is being passed to the AD AFX Connector but the UAC value is not updated in AD. |
Cause | This is a known issue reported in engineering ticket ACM-71014. The property flag PASSWD_CANT_CHANGE cannot be changed by directly modifying the UAC attribute. See How to use the UserAccountControl flags to manipulate user account properties for more information. |
Resolution | Engineering made some code changes to enhance the product functionality and allow the UAC to be updated with an AD AFX connector using the PASSWD_CANT_CHANGE property flag. This enhancement is in RSA Identity Governance & Lifecycle versions:
|