000036801 - Termination Date is not populated with the Account Expires date when running an Active Directory Identity Collector (IDC) in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Oct 5, 2018Last modified by RSA Customer Support Employee on Oct 25, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036801
Applies ToRSA Product Set: Identity Governance & Lifecycle
RSA Version/Condition: All

IssueThe RSA Identity Governance & Lifecycle Termination Date field does not populate with the Active Directory accountExpires attribute value when the accountExpires attribute is collected with an Active Directory Identity Data Collector (IDC).


  1.  Note the accountExpires attribute is populated with an expiration date in Active Directory.

User-added image

  1. The data for accountExpires is collected as the Termination Date by the Active Directory IDC.

User-added image

  1. After running the Active Directory IDC and unification, the Termination Date is set in the raw data.

User-added image

  1. In the RSA Identity Governance & Lifecycle user interface, the Termination Date in the user record is blank.

User-added image
CauseThis is expected behavior. In RSA Identity Governance & Lifecycle, the Termination Date field indicates when a user was terminated, not when an active user will get terminated. The Termination Date field will not be set unless the user is actually terminated; that is, when the Is Terminated field is set to true. 
ResolutionThere are two options to resolving this issue:
  1. Collect accountExpires into a custom user attribute,  or
  2. Populate the Termination Date field with the actual date the user is terminated along with the Is Terminated flag.