
Locating deactivated accounts in PAM


Article ID: 230223


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

An e-mail, generated by PAM, advises that an account has been deactivated. The notice does not identify the account.

Environment

Any PAM environment 

Resolution

Check the session logs under Session / Session Logs and filter by Column "Details" and Value "deactivated". In a cluster, only the node that executed the deactivation will show the message(s). The message ID (PAM-CMN-0903 in the screenshot below) depends on the reason for deactivation.

Additional Information

If you are interested in a full list of PAM users that are inactive, you can export the user list by clicking the Import/Export button on the Users > Manage Users page. Inactive users have the column "Active Flag" set to "f" (false). The "Account Disabled Time" column shows the time at which the account was disabled. This is a UNIX time stamp. You can use web pages such as EpochConverter to convert it into a human-readable time stamp.
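The export can also be filtered and converted offline instead of pasting values into a web page. The script below is an added example, not part of the original article or the product: it assumes the export is a CSV file, that the user name column is headed "User Name" (a hypothetical header, adjust it to your export), and that values larger than 1e11 are milliseconds rather than seconds.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample data. Only "Active Flag" and "Account Disabled Time"
# are named in the article; "User Name" is an assumed header.
SAMPLE_EXPORT = """User Name,Active Flag,Account Disabled Time
alice,t,
bob,f,1640995200
carol,f,1672531200000
dave,f,
"""


def to_utc(raw):
    """Convert a UNIX time stamp string to an aware UTC datetime.

    Returns None when the field is empty or not a usable number.
    """
    raw = (raw or "").strip()
    if not raw:
        return None
    try:
        value = float(raw)
        if value > 1e11:  # assumption: values this large are milliseconds
            value /= 1000.0
        return datetime.fromtimestamp(value, tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None


def inactive_users(stream, name_column="User Name"):
    """Return (name, disabled_at) for rows with "Active Flag" == "f", oldest first."""
    rows = []
    for row in csv.DictReader(stream):
        if (row.get("Active Flag") or "").strip().lower() != "f":
            continue
        rows.append((row.get(name_column, ""),
                     to_utc(row.get("Account Disabled Time"))))
    # Rows without a usable time stamp sort to the end.
    last = datetime.max.replace(tzinfo=timezone.utc)
    rows.sort(key=lambda r: r[1] or last)
    return rows


if __name__ == "__main__":
    for name, when in inactive_users(io.StringIO(SAMPLE_EXPORT)):
        print(f"{name}\t{when.isoformat() if when else 'unknown'}")
```

To run it against a real export, pass an open file handle (for example `open("users.csv", newline="")`) instead of the sample string.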
