Hi Experts,
Has anyone been able to do an attribute sync on the AD accountexpires attribute.?
We have created an Identity attribute with Date transform (“outputFormat”: “MM/dd/yyyy hh:mm:ss a ‘UTC’”) in the same format as that of the accountexpires aggregated value from AD (eg. 11/30/2023 00:00:00 AM UTC) to keep the attribute sync working.
But when IDN tries to write the datetime value to AD, AD seems to be adding 5 hours to the Identity attribute which breaks the sync and results in infinite modify account tasks.
eg:
Identity attribute - 07/01/2023 00:00:00 AM UTC
accountExpires (AD) - 07/01/2023 05:00:00 AM UTC
If the Identity attribute is transformed to an epoch format, the accountexpires doesn’t add the 5 hours to it but that again breaks the sync due to the different formats of the Identity attribute and AD attribute. Is there a way to aggregate the accountexpires value in epoch format.? That could also solve the issue.
Any guidance would be appreciated.
Related content - https://www.rlmueller.net/AccountExpires.htm