AXM - How to reset Active Directory account with API when Users account is Locked Out
RSA Access Manager 6.x Microsoft Active Directory Microsoft account policies in use ; No ctscUserAuxClass
AXM - How to reset Active Directory account with API when Users account is Locked Out Users account is locked out in Active Directory. Would like to use Access Manager API to reset Most information on an AD user was kept in the userAccountControl Attribute. In a Windows Server 2003-based domain, LOCK_OUT and PASSWORD_EXPIRED have been replaced with a new attribute called ms-DS-User-Account-Control-Computed. Since msDS-User-Account-Control-Computed is a constructed attribute, it cannot be used in an LDAP search filter or written to.
Currently since the AxM API cannot access the lockout state it writes to the userAccountControl Attribute and disables the account instead. It was found that if we disable then re-enabled the user account that the lock out is cleared. Use the setAdminLockedout method to disable and re-enable the user to clear the lockout. Example of use of this method below.