000031262 - Custom Account Attribute mapped to the Active Directory accountExpires attribute no longer collects a value after upgrading to version 6.9.1 P03 of RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Aug 21, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031262
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle 
RSA Version/Condition: 6.9.1 P03, 7.x
 
IssueAfter upgrading RSA Identity Governance & Lifecycle to 6.9.1 P03 or higher from a version prior to 6.9.1 P03, a previously defined custom account attribute under the Admin > Attributes > Account tab that collects the value of the Active Directory attribute accountExpires is no longer being collected. The collected value displays as empty in the user interface.
 
CauseStarting in RSA Identity Governance & Lifecycle 6.9.1, support was added to the Active Directory AFX Connector CreateAccount and UpdateAccount capabilities for the Active Directory native accountExpires attribute. Starting in RSA Identity Governance & Lifecycle 6.9.1 P03, support for the Active Directory native accountExpires attribute was added to the default Active Directory Collector as well.

This issue occurs if a custom account attribute under the Admin > Attributes > Account tab already exists for this attribute. In this case the two attributes will conflict with each other and cause this issue.
 
ResolutionBecause the Active Directory default collector now collects the native Active Directory accountExpires attribute, any custom account attribute that collects the value of the Active Directory accountExpires attribute is no longer needed. Custom attributes cannot be deleted but they can be renamed. Rename any custom account attribute that collects the value of the Active Directory accountExpires attribute so that it does not confuse users. Update reports and rules to reference the new accountExpires attribute now collected directly from Active Directory.
 

Attachments

    Outcomes