AD Password expiration notice

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 3
Registered: ‎02-05-2018
#1 of 8 3,111

AD Password expiration notice

The default AD policy on Windows Server(all editions) defaults to notifying end users at 5 days prior to password expiration that their password is about to expire. Unfortunately, the policy does not work in real life.

 

It would be nice to have an application that can be loaded to generate an expiration email to the AD user to have them change their password. 

 

Currently, the user expires and becomes a help ticket.

Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#2 of 8 3,107

Re: AD Password expiration notice

[ Edited ]

@Harbor,

 

Welcome to the Centrify forums.

We notice that your question is not about Centrify products, but about Windows Active Directory.

 

You can always change when users are notified to change their passwords from 0 to 999 days.  Leverage Group Policy.

Instructions are here:  https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/interactive-logon-...

 

As far as sending an email to the user when the password is about to change, you can look online for a tool, for example this one:  https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27

 

If you are a Centrify customer and would like to have these capabilities (e.g. email notification) in the product, please leverage the idea exchange and/or work with your customer success lead.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 3
Registered: ‎02-05-2018
#3 of 8 3,105

Re: AD Password expiration notice

Policy does not work
Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#4 of 8 3,103

Re: AD Password expiration notice

@Harbor,

 

Let's reload here.

 

In what Centrify product would you like this to be reflected?  Note that you are in the Infrastructure Services (server suite) forum, so if this is for:

  • UNIX/Linux:   Provided that the systems are in scope of the GPO, AD has replicated and the group policy refresh interval has happened (or the adgpupdate command is run), you can verify this easily, provided that your user is within the timing to change their password.  For example, in one of my environments:
    pw-exp.PNG
  • Mac:  You should be getting this:
    Screen Shot 2012-02-29 at 4.01.42 PM.png

Are you referring to another product line?  Or are you talking about the identity platform?

 

R.P

 

R.P

 

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 3
Registered: ‎02-05-2018
#5 of 8 3,094

Re: AD Password expiration notice

I'm just llooking for a working product. Where it fits in your family....up to you
Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#6 of 8 3,093

Re: AD Password expiration notice

I was thinking you are reporting an issue with our Infrastructure Services - Server Suite (UNIX, Linux, Mac) since this is a technical forum to discuss issues, best practices and sharing ideas.

 

I think you may want to engage with our Sales leads .  They can find out exactly what you're looking for and guide you in the right direction.

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant I
Posts: 1
Registered: ‎10-09-2018
#7 of 8 1,960

Re: AD Password expiration notice

@Robertson I am going to second @Harbor 

 

It would be great to have the email sent. I am currently paying for another Password Management system simply because they send out intervaled alerts days before passwords expire. If Centrify would offer this feature I would be able to get rid of the other tool. My organization has tons of remote users so the interactive logon isnt enough.

Centrify Guru I
Posts: 2,433
Registered: ‎07-26-2012
#8 of 8 1,957

Re: AD Password expiration notice

The original poster never replied what product line they owned.  Ultimately you can use the Ideas link above or work with customer success to make this into an RFE.

 

Here's another way to accomplish it too:

https://gallery.technet.microsoft.com/scriptcenter/Password-Expiry-Email-177c3e27

 

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: