Article Number
000031262
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1 P03, 7.x
Issue
After upgrading RSA Identity Governance & Lifecycle to 6.9.1 P03 or higher from a version prior to 6.9.1 P03, a previously defined custom account attribute under the Admin > Attributes > Account tab that collects the value of the Active Directory attribute accountExpires is no longer being collected. The collected value displays as empty in the user interface.
Cause
Starting in RSA Identity Governance & Lifecycle 6.9.1, support was added to the Active Directory AFX Connector CreateAccount and UpdateAccount capabilities for the Active Directory native accountExpires attribute. Starting in RSA Identity Governance & Lifecycle 6.9.1 P03, support for the Active Directory native accountExpires attribute was added to the default Active Directory Collector as well.
This issue occurs if a custom account attribute under the Admin > Attributes > Account tab already exists for this attribute. In this case the two attributes will conflict with each other and cause this issue.
Resolution
Because the Active Directory default collector now collects the native Active Directory accountExpires attribute, any custom account attribute that collects the value of the Active Directory accountExpires attribute is no longer needed. Custom attributes cannot be deleted but they can be renamed. Rename any custom account attribute that collects the value of the Active Directory accountExpires attribute so that it does not confuse users. Update reports and rules to reference the new accountExpires attribute now collected directly from Active Directory.