Active Directory Account Data Collector (ADC) incorrectly collects null value for PwdLastSet as date 9999-12-31 in RSA Identity Governance & Lifecycle

4 years ago

Originally Published: 2019-04-04

Article Number

000041765

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1

Issue

If the PwdLastSet attribute in Microsoft Active Directory (AD) is null, RSA Identity Governance & Lifecycle's AD Account Data Collector (ADC) incorrectly collects the value as the date 9999-12-31 with a time value that represents the time of the last collection.

For example, the PwdLastSet attribute may be collected as 9999-12-31 12:45:50. Since the time portion of the attribute may change between subsequent collections, this may incorrectly cause the Account to be marked as Changed even though there was no change to the collected values.

Cause

The date calculation for PwdLastSet is being done incorrectly. Other date attributes should not exhibit this issue.

This is a known issue reported in engineering ticket ACM-92309.

Resolution

This issue is resolved in the following RSA Identity Governance & Lifecycle versions and/or patch levels:

RSA Identity Governance & Lifecycle 7.1.0 P07
RSA Identity Governance & Lifecycle 7.1.1 P02
RSA Identity Governance & Lifecycle 7.2

Notes

A zero value is an allowed value for PwdLastSet that indicates the users password has never been set.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles