Article Content
Article Number | 000032426 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Applies To | RSA Product Set: RSA Via Lifecycle & Governance RSA Product/Service Type: Appliance RSA Version/Condition: 6.9.1 P08 Platform: JBoss | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Issue | The UserAccountControl attribute in Active Directory is used to manipulate the flags on an account. Basic use cases include disabling and enabling the account. For other scenarios, the correct values are needed to change the account appropriately. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Resolution | The reference table below can be used to pass the correct values when updating the userAccessControl value.
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Notes | LDAP Active Directory AFX connector expects the User Account Control(UAC) value from the appropriate string or combinations from the table in the ‘property flag’ column. e.g. 1. ACCOUNTDISABLE can be provided to disable an account, 2. “NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD” can be provided to enable an account which is in disabled state and to set flag as password never expires Using an incorrect string or a numeric value will result in it being ignored, as if the field were left empty. |