This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SecurID® Governance & Lifecycle Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.

How to update an Active Directory Account Attribute to have no value <not set> using an Active Directory AFX Connector in RSA Identity Governance & Lifecycle

Article Number

000036921

Applies To

RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.x
 

Issue

An Active Directory account attribute can be set to:
  • an actual value
  • NULL
  • <not set>
This RSA Knowledge Base Article describes how to update an Active Directory account attribute to have no value <not set> rather than NULL using an Active Directory AFX connector.

Below is an example of the Department Active Directory account attribute having no value (<not set>).
 
Image descriptionImage description

 

Resolution

To use AFX to clear the attribute value:
  1. Add a Command Input Parameter to the Update an Account capability in the format of remove_<attribute-name>. In this example, the parameter would be called remove_department.

NOTE: The parameter is case sensitive. Remove must be in lowercase and the attribute name must appear exactly as it does in the Active directory attribute editor.

  1. Pass the current value of the attribute in the Command Input Parameter. In this example, the current value is Support.

NOTE: You must know the current value as this will only work if you pass the current parameter to AFX.


EXAMPLE:

In the following example, user Rita Book belongs to the Support department and AFX will update her department to <not set>.
  1. Note the Department is set to Support in Active Directory:
Image descriptionImage description
 
  1. Modify the Active Directory AFX connector Update an Account capability as follows (AFX > Connectors > {connector name} > Edit > Capabilities tab}
Image descriptionImage description
 
  1. To clear the value for the department attribute, pass current value of the attribute.which is Support. Note that this connector is in test mode to enable the Test Connector Capabilities button (AFX > Connectors > {connector name} > Edit > General tab > set State to Test.)
Image descriptionImage description
 
  1. Note the Department attribute has been updated to <not set>
Image descriptionImage description
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2021-04-23 03:01 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.