Rule description
This rule queries Active Directory and sends e-mails to users whose password expires in less than the specified number of days. You should schedule enforcement of this to run one time each day.
When to use this rule
Use this rule if you want to:
-
Warn users about password expiration
-
Reduce the time help desk team spends on password-related support tickets
-
Get reports on user account passwords that are about to expire
Administrators can define when and how many times to remind the domain users about their expiring passwords.
Two options here:
-
Send notification daily starting from X number of days before password expiration.
-
Send notification only on specified day intervals, for example, when it is 15,10,5,4,3,2,1 days before password expiry.
Important: To send emails only on specified days intervals, set the Store the notification timestamp with the user account in AD to Yes
After the rule is configured, users, whose password expires in less than the specified number of days, will get emails with the link to the Cayosoft Administrator Web site.
You should delegate users the required set of permissions to enroll and use the Self-Service interface. You also should define end-user questions and set a data-encryption password. See Delegate access to Self-Service Password & Profile management and Сonfiguration of Self-Service password & profile management articles.
Rule Settings
Query Section
| Setting name | Description |
|---|---|
|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU. Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
|
AD query criteria |
Query criteria are sent with the query and may improve query performance. Important: In addition to the defined query, user accounts must meet the following conditions:
Tip: For different samples on the criteria builder, see KB20180410-1.
|
|
Filter AD query results |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by found object DN. Tip: For optimal performance, use Query criteria above to filter objects whenever possible.
|
|
Days before users are notified that their password will expire |
This setting can be a single integer value or a specified day intervals, for example: 15,10,5,4,3,2,1:
Important: To send emails only on specified days intervals, set the Store the notification timestamp with the user account in AD to Yes
|
|
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
Action Section
| Setting name | Description |
|---|---|
|
To User |
Email can be sent to the user whose password about to expire or to Default Notify & Alert Email Address - usually this is administrator's email address. |
| CC, BCC | Email address where the copy will be sent. |
| From | Users can receive emails from default SMTP address or from Default Notify &Alert Email Address |
|
Subject |
Email subject. By default, the number of days before the password expires is added to emails sent by this rule. Tip: It is possible to customize email subject by using different tokens, see Customizing an automation rule or web action output email – Cayosoft Help Center.
|
|
Message |
Message text. Tip: It is possible to customize email message by using different tokens, see Customizing an automation rule or web action output email – Cayosoft Help Center.
|
|
Limit the number of emails sent per minute |
An integer value that represents the number of emails sent per minute by this rule. To change the default value, navigate to Home > Configuration > Settings > Email Settings (SMTP). The default limit for Office 365 SMTP gate is 30 emails per minute. |
|
Store the notification timestamp with the user account in AD |
Store timestamp of successful notification with each user account in Active Directory. Information is used for preventing duplicate notifications and for tracking and reporting purposes. Important: This setting must be set to Yes to send emails only on specified day intervals. In this case, users will get notifications only one time per interval.
And if you use just a single value as a number of days, this setting is not applied and users will get notifications each time when the rule runs (or rule preview), and users have fewer days than the specified value before password expiration. |
|
Attachment |
You can select the file to attach to the Password Expiration Notification email. |
Output Section
Each user, whose password expires in less than the specified number of days, will receive a notification email.
After the user changes the password, they will no longer receive the email message.
Administrators can get reports on user account passwords that are about to expire.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often the e-mail message is sent to the recipients, specified in the query section of this rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 8.3.0 | The Attachment setting is added. |
| 5.4.0 | If the rule is started, and a user account that should receive a notification was moved or renamed, the rule doesn't stop with an error. |
| 5.4.2 | Properties to display setting added. |
| 6.1.0 | The number of days before the password expires is added to emails sent by this rule |
Comments
0 comments
Please sign in to leave a comment.