Why PwdlastSet attribute in Active directory is set to "false"

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hi everyone,

I’m calculating the pwdlastSet attribute value from Ad to update on identity attribute through a transform which looks at date,looks like few user’s value is being set to “false” from AD. This is causing identity processing error on that attribute.
Why and when does pwdlastSet value is set to “false” in AD and how can we work around it?
NOTE: I have a transform to calculate the value, it works when the value in AD has DATE format and works as expected but when it set to false from AD, thats when its failing. TIA

2

The attribute name should be PasswordLastSet in the account schema. This is the datetime formatted attribute.

3

Hi Mark,

In AD, we only have “pwdLastSet: 6/11/2024 5:58:42 PM” attribute.

4

Do you see the value false in AD or just ISC?

In AD, the value of pwdLastSet can be 0 if the user has never changed their password or if someone has set or checked the box for “User must change password at next logon”.

Alicia

5

Alicia,

I see this in ISC now after Aggregation I see its updated to date format. not sure what is the issue.

6

I think what is happening is when the check box is set in Active Directory it is coming to ISC with false for the 0 that is in AD for pwdLastSet. You could handle this in your transform - If the value is false, set the value to xyz. If you want to show a string, you could set the value to “Reset Required”.

1 Like
7

Thanks Alicia, I will try that out.

8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.