Knowledge Partner

Re: Error Unlocking AD account

On Wed, 30 May 2012 16:26:01 +0000, ccandotti wrote:

> I'm trying to unlock AD accounts with IDM. I created a policy and put it
> in the AD Driver set.

Problem #1 - You can't add userAccountControl. The attribute is already
present, so "adding" it makes no technical sense.

Problem #2 - You can't write to all bits of userAccountControl. Some of
them are DC write-only, and are read-only to the application layer (where
you're at).

Solution to both: For manipulating userAccountControl, you should use the
pseudo attributes that the IDM driver for MAD makes available, so you
don't have to mess with figuring out the bitfield values and dealing with
the read-only bits. See, for example, dirxml-uACAccountDisable in the

Also, which sort of "unlock" are you attempting here?

Some documentation on the userAccountControl bitmap:


David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.
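
The reply's second point, as an added example that is not part of the original post and is not IDM driver code: a Python sketch that tells a disabled account from a locked-out one and refuses any write that would touch DC-maintained bits. The flag values come from Microsoft's published userAccountControl table; the function names, the `DC_MAINTAINED` mask and the sample value are constructed for this illustration.

```python
# Added example: plan a userAccountControl write that leaves DC-maintained bits alone.
# Flag values are from Microsoft's published userAccountControl table.
ACCOUNTDISABLE = 0x000002
LOCKOUT = 0x000010
PASSWD_CANT_CHANGE = 0x000040
NORMAL_ACCOUNT = 0x000200
DONT_EXPIRE_PASSWORD = 0x010000
PASSWORD_EXPIRED = 0x800000

# Bits that cannot be changed by writing the attribute directly:
# lockout and password expiry are computed by the DC, and
# PASSWD_CANT_CHANGE reflects a permission on the user object.
DC_MAINTAINED = LOCKOUT | PASSWD_CANT_CHANGE | PASSWORD_EXPIRED


def block_reasons(uac):
    """Return which kind of 'locked' a value shows: disabled, locked-out, or both."""
    reasons = []
    if uac & ACCOUNTDISABLE:
        reasons.append("disabled")      # administrative state, writable
    if uac & LOCKOUT:
        reasons.append("locked-out")    # DC state, not cleared by writing this bit
    return reasons


def plan_uac_write(current, set_bits=0, clear_bits=0):
    """Compute the value to write, changing only the requested bits.

    Raises ValueError if the request would change a DC-maintained bit.
    """
    touched = set_bits | clear_bits
    if touched & DC_MAINTAINED:
        raise ValueError("request touches DC-maintained bits: 0x%x"
                         % (touched & DC_MAINTAINED))
    if set_bits & clear_bits:
        raise ValueError("same bit requested both set and cleared")
    # Choice made in this example: never echo DC-computed state back in a write.
    return ((current | set_bits) & ~clear_bits) & ~DC_MAINTAINED


if __name__ == "__main__":
    sample = NORMAL_ACCOUNT | ACCOUNTDISABLE | LOCKOUT  # constructed value, 0x212
    print(block_reasons(sample))
    print(hex(plan_uac_write(sample, clear_bits=ACCOUNTDISABLE)))
```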
