The goal is to only collect accounts into Identity Governance from Active Directory that are active accounts, i.e the accountExpired attribute is >= Today (where Today is the date/time that the LDAP Query/collector is executed).

So we sorta need a dynamic LDAP Query in IG. In Power Shell I could create it with something like this:

$today = (Get-Date).ToFileTime()
$ldapquery = "(&(objectCategory=person)(objectClass=user)(!acco untexpires<=$today))"

Does anyone know of an IG Macro that could be used in IG LDAP queries to accomplish comething like this ? Or perhaps a different work around, or perhaps a post collection filter ?

I really don't want to Attest to accounts that have been expired for a very long time, or years...