Can we use useraccountcontrol attribute for the disable state?
search cancel

Can we use useraccountcontrol attribute for the disable state?


Article ID: 52509


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



When WAMUI is configured for external authentication with Active Directory and useraccountcontrol attribute is used for Disabled State then user is unable to login to admin UI. After entering valid credentials user is redirected to //logout.jsp.


The %DISABLE% field is a IM/SM managed field and must be configured to use an empty or non externally managed field.

In this case the customer is using a managed field to control the disablement of the user but as it does not use the IM/SM entries it does not work.

When AD is used as an external Admin user store the useraccountcontrol is always checked in addition to the %DISABLE% field. So the customer should have the functionality they require wihtout having to specify it in the %DISABLE% field.

The order of checking for AD is the %DISABLE% field then the useraccountcontrol field.

The customer should therefore configure the %DISABLE% field to point to an empty field in the AD.


Component: SMPLC