Password expiration notification problem

Comments

4 comments

  • Avatar
    Tatiana Golubovich

    Hi Christian, 

    To troubleshoot this rule can you please run this PowerShell script and send us the result?

    get-aduser -Properties * -Identity <samAccountName> -Server <DCName> | ConvertTo-Json -Depth 3 | Out-File c:\temp\1.txt
     
    Please change <samAccountName> with the problem user samAccountName.
    To get the DC Name in Admin Console navigate to Home > Configuration > Connected Systems Extensions > Active Directory and copy it from the Managed domains table next to the default domain:
     
    Tatiana
      

     

    0
    Comment actions Permalink
  • Avatar
    Tatiana Golubovich

    Hi Christian, 

    I should ask you to reply to the thread on the Cayosoft Admin community page. Otherwise, our replies are not posted on the community.

    The script I sent you before doesn't request the required attributes. Can you please run the new script below and send us the output file. Don't forget to replace user samAccountName and DC Name:

    get-aduser -Properties PasswordExpired,PasswordNeverExpires,"msDS-UserPasswordExpiryTimeComputed" -Identity <samAccountName> -Server <DCName> | ConvertTo-Json -Depth 3 | Out-File c:\temp\1.txt

    Also, can you check your AD and Exchange schema version by the PowerShell script below?
    You need the PowerShell module for Active Directory on your system. It is available on your domain controllers or on the machine where Cayosoft Administrator is running.
    The version information is read directly from Active Directory, you don’t need an elevated prompt to run it.

    Import-Module ActiveDirectory
    $SchemaVersions = @()
    $SchemaPartition = (Get-ADRootDSE).NamingContexts | ? { $_.SubString(0, 9).ToLower() -eq 'cn=schema' }
    $SchemaVersionAD = (Get-ADObject $SchemaPartition -Property objectVersion).objectVersion
    $SchemaVersions += @{'Active Directory' = $SchemaVersionAD}
    $SchemaPathExchange = "CN=ms-Exch-Schema-Version-Pt,$SchemaPartition"
    If (Test-Path "AD:$SchemaPathExchange") {
     $SchemaVersionExchange = (Get-ADObject $SchemaPathExchange -Property rangeUpper).rangeUpper
    }
    Else {
     $SchemaVersionExchange = 0
    }
    $SchemaVersions += @{'Exchange' = $SchemaVersionExchange}
    Write-Output $SchemaVersions

    Tatiana

    0
    Comment actions Permalink
  • Avatar
    Christian Fournier

    Hi Tatiana,

    here's the requested outpout :

    "PropertyCount":  14,
    "msDS-UserPasswordExpiryTimeComputed": 132571888357602997,
    "ObjectGUID": "6ad401dc-6762-4ec6-8a71-f3c233bbe08a",
    "PasswordExpired": true,
    "PasswordNeverExpires": false,
    "PwdLastSet": 132569296357602997

    132569296357602997 | get-date --> thursday february 4 0421 16:27:15

    132571888357602997 | get-date --> sunday february 7 0421 16:27:15

    3 days ! So wtf ? I dug a little, and find out there was a fine-grained password policy applied to this user (password expire after 3 days) ! So everything works as expected.

    Thank you for your help, best regards.

     

    0
    Comment actions Permalink
  • Avatar
    Tatiana Golubovich

    Ok, glad to help! 

    0
    Comment actions Permalink

Please sign in to leave a comment.