Locating deactivated accounts in PAM
search cancel

Locating deactivated accounts in PAM


Article ID: 230223


Updated On:


CA Privileged Access Manager (PAM)


An e-mail, generated by PAM, advises that an account has been deactivated. The notice does not identify the account.


Any PAM environment 


Check Session Logs under Session / Session Logs and filter by Column "Details" and Value "deactivated". In a cluster only the node executing the deactivation will show the message(s). The message ID (PAM-CMN-0903 in the screenshot below) depends on the reason for deactivation.

Additional Information

If you are interested in a full list of PAM users that are inactive, you can export the user list by clicking on the Import/Export button on the Users > Manage Users page. Inactive users have column "Active Flag" set to "f" (false). The "Account Disabled Time" column will show at what time the account was disabled. This is a UNIX time stamp. You can use web pages such as EpochConverter to convert this into a human readable time stamp.