How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure the userAccountControl property in the LDAP and .NET Connectors in IDM (All versions)?

Last updated Apr 8, 2021

This article explains how to configure the userAccountControl property in the IDM LDAP and .NET Connectors. userAccountControl is an Active Directory® attribute that provides information about a user's account status.


Setting up userAccountControl

Add the following text to the account properties section in your provisioner configuration file (for example, provisioner.openicf-ldap.json or provisioner.openicf-ad.json), which is located in the /path/to/idm/conf directory:

"userAccountControl" : {
    "type" : "string",
    "nativeName" : "userAccountControl",
    "nativeType" : "string"
}

The ENABLE property is used to enable or disable a user's account in Active Directory. See How do I use the LDAP Connector in IDM (All versions) to update the ENABLE property in Active Directory? for further information.

If you want to synchronize this attribute from Active Directory to IDM, you need to add the following to the systemAdAccounts_managedUser mapping in the sync.json file (located in the /path/to/idm/conf directory):

{
    "source" : "userAccountControl",
    "target" : "userAccountControl"
}
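Because the property is declared with type "string", the synchronized value arrives as text such as "514" and must be validated and parsed before any flag is tested. The following is an added example, not code from this article or from ForgeRock: it decodes that string using the flag values from Microsoft's userAccountControl documentation. The names decodeUserAccountControl and REVIEW_FLAGS, and the choice of flags to report for review, are assumptions of the example.

```javascript
// Added example: decode the string the connector delivers for userAccountControl.
// Flag values are from Microsoft's userAccountControl documentation.
var UAC_FLAGS = {
  SCRIPT: 0x1,
  ACCOUNTDISABLE: 0x2,
  HOMEDIR_REQUIRED: 0x8,
  LOCKOUT: 0x10,
  PASSWD_NOTREQD: 0x20,
  PASSWD_CANT_CHANGE: 0x40,
  ENCRYPTED_TEXT_PWD_ALLOWED: 0x80,
  NORMAL_ACCOUNT: 0x200,
  DONT_EXPIRE_PASSWORD: 0x10000,
  SMARTCARD_REQUIRED: 0x40000,
  TRUSTED_FOR_DELEGATION: 0x80000,
  NOT_DELEGATED: 0x100000,
  USE_DES_KEY_ONLY: 0x200000,
  DONT_REQ_PREAUTH: 0x400000,
  PASSWORD_EXPIRED: 0x800000,
  TRUSTED_TO_AUTH_FOR_DELEGATION: 0x1000000
};

// Settings worth surfacing in an account review (this selection is an assumption).
var REVIEW_FLAGS = ["PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED", "DONT_EXPIRE_PASSWORD",
  "TRUSTED_FOR_DELEGATION", "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH"];

function decodeUserAccountControl(raw) {
  // The provisioner declares the attribute as "string": validate before any bit test.
  var text = (raw === null || raw === undefined) ? "" : String(raw).trim();
  if (!/^\d{1,10}$/.test(text) || Number(text) > 0xFFFFFFFF) {
    throw new Error("userAccountControl is not a 32-bit decimal value: " + JSON.stringify(raw));
  }
  var value = Number(text);
  var known = 0;
  var flags = Object.keys(UAC_FLAGS).filter(function (name) {
    known |= UAC_FLAGS[name];
    return (value & UAC_FLAGS[name]) !== 0;
  });
  return {
    value: value,
    enabled: (value & UAC_FLAGS.ACCOUNTDISABLE) === 0,
    flags: flags,
    review: flags.filter(function (name) { return REVIEW_FLAGS.indexOf(name) !== -1; }),
    unknownBits: (value & ~known) >>> 0 // bits set that this table does not name
  };
}

// Constructed sample value, not taken from a real directory.
console.log(decodeUserAccountControl("514"));
```

The `enabled` field reflects only the ACCOUNTDISABLE bit; a non-zero `unknownBits` means the value carries flags this table does not name.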

See Also

How do I use the LDAP Connector in IDM (All versions) to update the ENABLE property in Active Directory?

Connectors Guide › LDAP Connector

How to use the UserAccountControl flags to manipulate user account properties


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.