Password Check in LifeCycle State transform

Hi, I have a requirement to create a lifecycle state transform in which if password crosses 98 days, then account in AD should be disabled and if password crosses 120 days, then account should be deleted in AD. I am using below transform for same but it is not working.

{
    "name": "Password Check Transform",
    "type":"static",
    "attributes": {
        "currentDate": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type":"dateMath",
                            "attributes": {
                                "expression": "now"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "secondDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "accountAttribute",
                            "attributes": {
                                "sourceName": "AD",
                                "attributeName": "pwdLastSet"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "operator": "gt",
                "positiveCondition": "true",
                "negativeCondition": "false"
            }
        },
        "98DayCheck": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type":"dateMath",
                            "attributes": {
                                "expression": "now+98d"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "secondDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "accountAttribute",
                            "attributes": {
                                "sourceName": "AD",
                                 "attributeName": "pwdLastSet"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "operator": "gt",
                "positiveCondition": "true",
                "negativeCondition": "false"
            }
        },
        "120DayCheck": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type":"dateMath",
                            "attributes": {
                                "expression": "now+120d"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "secondDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "accountAttribute",
                            "attributes": {
                                "sourceName": "AD",
                                "attributeName": "pwdLastSet"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "operator": "gt",
                "positiveCondition": "true",
                "negativeCondition": "false"
            }
        }
                },
        "value": "#if($98DayCheck=='true')LPS98#elseif($120DayCheck=='true')LPS120#end"
    }

does the transform return an error?

What is not working about the transform? Does it never pass the 120 day check? Is that because you are checking the 98 day first? Try it the other way round

"value": "#if($120DayCheck=='true')LPS120#{elseif}($98DayCheck=='true')LPS98#end"

Personally I always put {} around my {elseif} statements as sometimes they fail
Also, try to encapsulate your code with ``` so that it formats correctly

Phil

I previewed it on identity level, it is coming out blank.

Hi from the transform you have pasted there are 3 things that needs to be corrected

1. Variable naming should be corrected otherwise they will not get evaluated.

image1087×365 28.4 KB

can you please change the variable name to VTL accepted variable type, maybe its not throwing error but this can be a possible reason
eg: "98DayCheck" can be renamed as "DayCheck98" which is now valid variable name

2. The value statement should be reversed as mentioned by @phil_awlings. Reason being otherwise it will always evaluate it to LPS98 and never goto LPS120.

3. The value statement in the transform should be inside attributes, i.e it should be moved one line up i.e before a closing bracket. See the updated code below that has above 3 solutions implemented…

{
    "name": "Password Check Transform",
    "type": "static",
    "attributes": {
        "currentDate": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "dateMath",
                            "attributes": {
                                "expression": "now"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "secondDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "accountAttribute",
                            "attributes": {
                                "sourceName": "AD",
                                "attributeName": "pwdLastSet"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "operator": "gt",
                "positiveCondition": "true",
                "negativeCondition": "false"
            }
        },
        "DayCheck98": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "dateMath",
                            "attributes": {
                                "expression": "now+98d"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "secondDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "accountAttribute",
                            "attributes": {
                                "sourceName": "AD",
                                "attributeName": "pwdLastSet"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "operator": "gt",
                "positiveCondition": "true",
                "negativeCondition": "false"
            }
        },
        "DayCheck120": {
            "type": "dateCompare",
            "attributes": {
                "firstDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "dateMath",
                            "attributes": {
                                "expression": "now+120d"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "secondDate": {
                    "type": "dateFormat",
                    "attributes": {
                        "input": {
                            "type": "accountAttribute",
                            "attributes": {
                                "sourceName": "AD",
                                "attributeName": "pwdLastSet"
                            }
                        },
                        "inputFormat": "yyyy-MM-dd",
                        "outputFormat": "ISO8601"
                    }
                },
                "operator": "gt",
                "positiveCondition": "true",
                "negativeCondition": "false"
            }
        },
       "value": "#if($DayCheck120==‘true’)LPS120#elseif($DayCheck98==‘true’)LPS98#{else}#end"
    }
}

Hope this helps…

Getting this error : There was an exception while calculating the value for this attribute. Text ‘’ could not be parsed at index 0

1. You have now+98d or now+120d, which in my opinion should be now-Nd. Otherwise you are checking if N days in future is greater than pwdLastSet Date, which does not seem right.
2. Does pwdLastSet will always have a value? If it does not your dateFormat inside dateCompare will not work. You need to insert a firstValid to pass a date in future so that transform works
3. In your original transform value is outside attributes block. It should be inside. Top level keys for any transform are type and attributes, and everything else goes inside the attributes block
4. You don’t have any value to be returned for currentDate

Thanks! I have updated few things in it but now I am getting : There was an exception while calculating the value for this attribute. null
pwdLastSet have values in this format - 133669691020550057

Updated transform :

{
  "name": "Password Check Transform",
  "type": "static",
  "attributes": {
      "pwdLastSetDate": {
          "type": "dateFormat",
          "attributes": {
              "input": {
                  "type": "accountAttribute",
                  "attributes": {
                      "sourceName": "AD",
                      "attributeName": "pwdLastSet"
                  }
              },
              "inputFormat": "WINDOWS_FILETIME",
              "outputFormat": "yyyyMMdd"
          }
      },
      "currentDate": {
          "type": "dateFormat",
          "attributes": {
              "input": {
                  "type": "dateMath",
                  "attributes": {
                      "expression": "now"
                  }
              },
              "inputFormat": "WINDOWS_FILETIME",
              "outputFormat": "yyyyMMdd"
          }
      },
      "DayCheck98": {
          "type": "dateCompare",
          "attributes": {
              "firstDate": {
                  "type": "dateFormat",
                  "attributes": {
                      "input": {
                          "type": "dateMath",
                          "attributes": {
                              "expression": "now-98d"
                          }
                      },
                      "inputFormat": "WINDOWS_FILETIME",
                      "outputFormat": "yyyyMMdd"
                  }
              },
              "secondDate": {
                  "type": "dateFormat",
                  "attributes": {
                      "input": {
                          "type": "accountAttribute",
                          "attributes": {
                              "sourceName": "AD",
                              "attributeName": "pwdLastSet"
                          }
                      },
                      "inputFormat": "WINDOWS_FILETIME",
                      "outputFormat": "yyyyMMdd"
                  }
              },
              "operator": "gt",
              "positiveCondition": "true",
              "negativeCondition": "false"
          }
      },
      "DayCheck120": {
          "type": "dateCompare",
          "attributes": {
              "firstDate": {
                  "type": "dateFormat",
                  "attributes": {
                      "input": {
                          "type": "dateMath",
                          "attributes": {
                              "expression": "now-120d"
                          }
                      },
                      "inputFormat": "WINDOWS_FILETIME",
                      "outputFormat": "yyyyMMdd"
                  }
              },
              "secondDate": {
                  "type": "dateFormat",
                  "attributes": {
                      "input": {
                          "type": "accountAttribute",
                          "attributes": {
                              "sourceName": "AD",
                              "attributeName": "pwdLastSet"
                          }
                      },
                      "inputFormat": "WINDOWS_FILETIME",
                      "outputFormat": "yyyyMMdd"
                  }
              },
              "operator": "gt",
              "positiveCondition": "true",
              "negativeCondition": "false"
          }
      },
      "value": "#if($DayCheck120=='true')LPS120#{elseif}($DayCheck98=='true')LPS98#end"
  }
}

hey there @imspurohit7991! a couple of issues to correct here. for starters, we can remove the currentDate variable from the transform - it’s not used anywhere anyway. secondly, for the Active Directory pwdLastSet attribute, you want to use "inputFormat": "EPOCH_TIME_WIN32" rather than any of the other formats attempted.

Hi @imspurohit7991 ,

If you encapsulate your code with these ``` its much easier for everyone to read and copy:

{
  "name": "Password Check Transform",
  "type": "static",
  "attributes": {
+
+
+

Phil

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.