In the Active Roles Console, as an Active Roles Admin, navigate to Configuration/Server Configuration/Virtual Attributes
Create a new Virtual Attribute named edsvaAccountExpiresReadable which is:
- Syntax: DirectoryString
- Linked to the user class
- Stored
Reconnect in the Active Roles Console so that this new Virtual Attribute is available.
Create a new script module and use the contents below:
#*********************************************************************************
# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#
# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
# PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
#*********************************************************************************
function IsAttributeModified ([string]$AttributeName, $Request)
{
$objEntry = $Request.GetPropertyItem($AttributeName, $Constants.ADSTYPE_CASE_IGNORE_STRING)
if ($objEntry -eq $null) { return $false }
if ($objEntry.ControlCode -eq 0) { return $false }
return $true
} #-- IsAttributeModified
function onPreModify($Request)
{
if($Request.class -ne "user"){return}
if(IsAttributeModified "accountExpires" $Request)
{
[string]$accountExpiresReadable = [datetime]::fromfiletime($Request.Get("accountExpires"))
$DirObj.Put("edsvaAccountExpiresReadable", $accountExpiresReadable)
$DirObj.SetInfo()
}
}
#***** END OF CODE ***************************************************************
Add this script module into an Active Roles Policy as a Script Execution and link to the desired container(s).