The Active Directory (AD) attribute accountExpires represents the number of 100-nanosecond intervals since January 1, 1601. A value of 0 or 0x7FFFFFFFFFFFFFFF (9223372036854775807) means the account will never expire.
This article will explain how to add the accountExpires attribute to the AD schema in Okta, and then how to map it to the Okta profile in a date format.
- Directories
- Lifecycle Management
- Active Directory
- Profile Editor
Follow the steps below:
- First, add the attribute to the AD schema in Okta.
  - Navigate to Directory > Profile Editor > Directories and select the appropriate AD integration.
  - Select the + Add Attribute button.
  - Click the box next to accountExpires and click Save.
  - Run a manual import to populate the attribute in the AD profile in Okta.
  - Confirm that the value for the attribute on an expected user can be seen in their Okta Profile under Additional Active Directory Attributes.
- Next, map the attribute using an expression that will convert the value into a date.
  - In the Okta Admin Console, navigate to Directory > Profile Editor > Directories, find the correct Directory, and select Mappings.
  - Search for the accountExpires attribute under the Directory to Okta mappings.
  - Map the following expression to the desired attribute in Okta. If needed, create a custom attribute for this purpose by following the steps in How to Create a New Custom Attribute in Okta.

    appuser.accountExpires != '9223372036854775807' ? Time.fromIso8601ToString(Time.fromWindowsToIso8601(appuser.accountExpires),"dd-MM-YYYY") : ""
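
To check the mapped dates against the raw directory values after an import, the same conversion can be done offline. The following Python function is an added example, not Okta's code: it converts a raw accountExpires value to dd-MM-yyyy and returns an empty string for both never-expire values named in the first paragraph (0 and 9223372036854775807). The function name, the use of UTC, and the sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# accountExpires counts 100-nanosecond intervals from this instant (UTC assumed).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Both values mean "never expires" according to the article's first paragraph.
NEVER_EXPIRES = {0, 0x7FFFFFFFFFFFFFFF}


def account_expires_to_date(raw):
    """Return dd-MM-yyyy for a raw accountExpires value, or "" if it never expires."""
    value = int(str(raw).strip())
    if value < 0:
        raise ValueError(f"accountExpires cannot be negative: {raw!r}")
    if value in NEVER_EXPIRES:
        return ""
    try:
        # 10 intervals of 100 ns make one microsecond.
        moment = FILETIME_EPOCH + timedelta(microseconds=value // 10)
    except OverflowError as exc:
        # Values just below the sentinel land far beyond year 9999.
        raise ValueError(f"accountExpires out of range: {raw!r}") from exc
    return moment.strftime("%d-%m-%Y")


def audit(samples):
    """Map each user to the converted date, flagging values that cannot be parsed."""
    report = {}
    for user, raw in samples.items():
        try:
            report[user] = account_expires_to_date(raw)
        except ValueError:
            report[user] = "INVALID"
    return report


# Constructed sample values, as they would appear as strings in the AD profile.
SAMPLES = {
    "alice": "133485408000000000",    # 2024-01-01 00:00:00 UTC
    "bob": "9223372036854775807",     # never expires (max value)
    "carol": "0",                     # never expires (zero)
    "dave": "9223372036854775806",    # not a sentinel, not a usable date
}

if __name__ == "__main__":
    for user, result in audit(SAMPLES).items():
        print(f"{user}: {result or '(never expires)'}")
```

Comparing this output with the mapped Okta attribute for a few users, including one whose accountExpires is 0, shows whether the mapping yields the expected value for every account state.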
