|Applies To||RSA Product Set: RSA Identity Governance & Lifecycle |
RSA Version/Condition: 6.9.1 P03, 7.x
|Issue||After upgrading RSA Identity Governance & Lifecycle to 6.9.1 P03 or higher from a version prior to 6.9.1 P03, a previously defined custom account attribute under the Admin > Attributes > Account tab that collects the value of the Active Directory attribute accountExpires is no longer being collected. The collected value displays as empty in the user interface.|
|Cause||Starting in RSA Identity Governance & Lifecycle 6.9.1, support was added to the Active Directory AFX Connector CreateAccount and UpdateAccount capabilities for the Active Directory native accountExpires attribute. Starting in RSA Identity Governance & Lifecycle 6.9.1 P03, support for the Active Directory native accountExpires attribute was added to the default Active Directory Collector as well.|
This issue occurs if a custom account attribute under the Admin > Attributes > Account tab already exists for this attribute. In this case the two attributes will conflict with each other and cause this issue.
|Resolution||Because the Active Directory default collector now collects the native Active Directory accountExpires attribute, any custom account attribute that collects the value of the Active Directory accountExpires attribute is no longer needed. Custom attributes cannot be deleted but they can be renamed. Rename any custom account attribute that collects the value of the Active Directory accountExpires attribute so that it does not confuse users. Update reports and rules to reference the new accountExpires attribute now collected directly from Active Directory.|