How does Active Directory attribute UserAccountControl affect AdminUI login?

book

Article ID: 52205

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

When using Active Directory as External Administrator Store, SiteMinder AdminUI login is dependent on the user's current Active Directory userAccountControl attribute value and the status of the account.

Solution:

If UserAccountControl attribute has value 512, user will be granted access.
If UserAccountControl attribute has value 514, user will be denied access.

If UserAccountControl attribute has value 512 and user must change password at next login is not set, user will be granted access.
If UserAccountControl attribute has value 514 and user must change password at next login is set, user will be denied access.

Environment

Release:
Component: SMPLC