Hello all,
I have run into an error, and I was wondering if anyone else has seen this before.
I am creating a user in CA Identity Manager. We have an Active Directory Endpoint, with accountExpires extended in our schema so that we can set the value. I also have a script that converts "End Date" attribute value into the LDAP time needed for Active Directory to set the accountExpires attribute( the script is located in both a create user and modify user). Finally, I have a PX that assigns a provisioning role to the user which will then create the Active Directory account.
Here's the kicker: After creating the user, the user gets the role, and the account is created, yet the PX does not recognize that the account has been created on the endpoint.So the provisioning user has the proper LDAP value, but it doesn't show on the Active Directory account.I have set the PX multiple ways to ensure that the account has at the very least, has been created. Yet it still throws an error.
However, on a modify, after I modify the End Date, it will synchronize down to the endpoint fine, and the value is displayed correctly on the endpoint user.
Has anyone come into contact with an issue like this or have been able to properly set the accountExpires properly on a create?
Thank you.