000030637 - AFX: Additional AD attributes under the Disable or Enable Account capability for an AD connector are not updated in AD

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030637
Applies ToRSA Product Set: Identity Management and Governance
RSA Product/Service Type: Appliance
RSA Version/Condition: 6.9.1+
Product Description: Access Fulfill Express
AFX Active Directory Connector
IssueAdditional Active Directory (AD) parameters that have been added under the "Add More..." section of the 'Disable/Enable an Account' Command Input Parameters screen are not updated in AD when a Change Request (CR) is executed. AFX successfully sets the UserAccountControl (UAC) to reflect the account as disabled and the CR reports no errors but the additional parameter(s) are ignored. This is true for custom AD attributes and existing AD attributes.
Custom AD Attribute
User-added image
Existing AD Attribute
User-added image
Neither the custom attribute 'mycustomattribute' nor the existing attribute 'mail' are updated in AD to reflect the new value of 'Disabled.'
CauseCurrently, our AD connector updates only the UserAccountControl attribute. Enhancement request ACM-55232 has been raised for this issue.