Users unexpectedly disabled by last activity date dxPwdLoginTime


Article ID: 141986


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite



A custom bulk task for disabling users by last login date unexpectedly disables too many users. We found out that, dxPwdLoginTime stamp is showing last years date for these users even though these users had logged into the system as recently as a few days ago,

We need to understand how the value is being stored as 2018 even though users had logged in last week as well.



By default in vAPP, the well-known attribute %LAST_LOGIN_DATE%, which is mapped to the physical attribute imLastLoginDate, is the one that tracks login date.

The IDM application does not use dxPwdLoginTime unless you've customized CA Directory with a password policy or you somehow use dxPwdLoginTime in your customized Disable Inactive User task.

Normally, if you are tracking last logins you should be looking at imLastLoginDate and using it in any custom tasks.