How do I configure the userAccountControl property in the LDAP and .NET Connectors in IDM (All versions)?
The purpose of this article is to provide assistance on configuring the userAccountControl property in the IDM LDAP and .NET Connectors. userAccountControl is an Active Directory® attribute that provides information about a user's account status.
Setting up userAccountControl
Add the following text to the account properties section in your provisioner configuration file (for example, provisioner.openicf-ldap.json or provisioner.openicf-ad.json), which is located in the /path/to/idm/conf directory:
"userAccountControl" : { "type" : "string", "nativeName" : "userAccountControl", "nativeType" : "string" }The ENABLE property is used to enable or disable a user's account in Active Directory. See How do I use the LDAP connector in IDM (All versions) to update the ENABLE property in Active Directory? for further information.
If you want to synchronize this attribute from Active Directory to IDM, you need to add the following to the systemAdAccounts_managedUser mapping in the sync.json file (located in the /path/to/idm/conf directory):
{ "source" : "userAccountControl", "target" : "userAccountControl" }See Also
How to use the UserAccountControl flags to manipulate user account properties
Related Training
N/A
Related Issue Tracker IDs
N/A