|Applies To||RSA Product Set: RSA Via Lifecycle & Governance|
RSA Product/Service Type: Appliance
RSA Version/Condition: 6.9.1 P08
|Issue||The UserAccountControl attribute in Active Directory is used to manipulate the flags on an account. Basic use cases include disabling and enabling the account. For other scenarios, the correct values are needed to change the account appropriately.|
The reference table below can be used to pass the correct values when updating the userAccessControl value.
|Notes||LDAP Active Directory AFX connector expects the User Account Control(UAC) value from the appropriate string or combinations from the table in the ‘property flag’ column.|
1. ACCOUNTDISABLE can be provided to disable an account,
2. “NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD” can be provided to enable an account which is in disabled state and to set flag as password never expires
Using an incorrect string or a numeric value will result in it being ignored, as if the field were left empty.