Symantec IGA

Expand all | Collapse all

Why UserAttributeControl ( AD Attribute) is set to 544 for a created user

Jump to Best Answer
  • 1.  Why UserAttributeControl ( AD Attribute) is set to 544 for a created user

    Posted 05-26-2016 10:50 AM

    Hi

    I have many users created using CA IM with a password.
    When the users are provisioned in AD, the field UserAttributeControl is set to 544 (which means that the user has an optional password).
    I don't understand why? The user has a password in the userstore.

    Can somebody help me understand why? How is it possible to fix it ?

    Thanks.

    Kind Regards,

    Kanza



  • 2.  Re: Why UserAttributeControl ( AD Attribute) is set to 544 for a created user

    Posted 06-03-2016 03:14 PM

    Kanza:

    If you continue to have problems with this, please open a support ticket with CA Support.

    Thanks

    Palaka Bhattacharya

    Support Delivery Manager



  • 3.  Re: Why UserAttributeControl ( AD Attribute) is set to 544 for a created user
    Best Answer

    Posted 05-26-2016 02:34 PM

    UserAccountControl value 544 means that the account is enabled but must to change password on next logon. How are you creating the AD Accounts? Is it via a Provisioning Role and Account Template? If so you should check the Account Template to see if you have it configured to setting the password must be changed on next logon. If further assistance is required I recommend opening a support case.



  • 4.  Re: Why UserAttributeControl ( AD Attribute) is set to 544 for a created user

    Posted 05-27-2016 04:50 AM

    Thank you Kenyy for your reply.

    The AD accounts are created using Provisioning and Account templates.

    The user is created having the status "16777216" to push him change his password after his first logon.

    However, even if the user is enabled now (After he has changed his password), the userAccountControl keeps the value 544.



  • 5.  Re: Why UserAttributeControl ( AD Attribute) is set to 544 for a created user

    Broadcom Employee
    Posted 05-27-2016 09:06 PM

    Please look into your AD template if "user must change password at next logon" is selected. Are you setting AD account's userAccountControl in PX?