000036921 - How to update an Active Directory Account Attribute to have no value <not set> using an Active Directory AFX Connector in RSA Identity Governance & Lifecycle

• an actual value
• NULL
• <not set>

1. Add a Command Input Parameter to the Update an Account capability in the format of remove_<attribute-name>. In this example, the parameter would be called remove_department.

NOTE: The parameter is case sensitive. Remove must be in lowercase and the attribute name must appear exactly as it does in the Active directory attribute editor.

2. Pass the current value of the attribute in the Command Input Parameter. In this example, the current value is Support.

NOTE: You must know the current value as this will only work if you pass the current parameter to AFX.

1. Note the Department is set to Support in Active Directory:

 

2. Modify the Active Directory AFX connector Update an Account capability as follows (AFX > Connectors > {connector name} > Edit > Capabilities tab}

 

3. To clear the value for the department attribute, pass current value of the attribute.which is Support. Note that this connector is in test mode to enable the Test Connector Capabilities button (AFX > Connectors > {connector name} > Edit > General tab > set State to Test.)

 

4. Note the Department attribute has been updated to <not set>