Hi all,
I want to send email from IIQ to users whose AD password(expires after 6 months) is going to expire after 10 days.
I see that there is an attribute "pwdLastset" in AD but it has a long value and it is not part of the OOTB connector.
How can I achieve this?
Thanks in advance.
Hi @rishavghoshacc,
You can approach this as follows:
This is the recommended and scalable approach in IdentityIQ.
Hi @rishavghoshacc ,
As @santhirajumunganda said you can add the "pwdLastset" attribute to your AD Application Schema.
You can schedule a Run Rule task where you can calculate the password expiry date and compare it with today’s date, if the password expiry date is 10 days before to today’s date. Then you can send the email Notification.
@rishavghoshacc Please try this:
(If your userbase is less, you can also send the email from your customization rule itself).
Hi,
You’re on the right track with pwdLastSet — that’s typically what’s used to calculate password expiry in AD.
Even though it’s not part of the OOTB schema, you can extend the AD application schema in IIQ to bring in pwdLastSet. Once you have that, you can convert the value (since it’s in Windows FileTime format) to a readable date and calculate when the password will expire.
From there, you could use a scheduled task or rule to identify users whose password is expiring in the next 10 days and trigger email notifications.
Alternatively, if your environment supports it, you could also look at using attributes like msDS-UserPasswordExpiryTimeComputed, which directly gives the expiry time and can simplify the logic.
Thanks!
@neel193 When you say “set an attribute like sendPasswordExpireEmail”, what kind of attribute are you mentioning?
@rishavghoshacc You are writing this in customization attribute, so this would be a schema attribute.