Banks, credit unions, insurance companies,
How does Password Expiration Alerting work?
|Question||How does Password Expiration Alerting work?|
|Answer||Note: This only includes the main function algorithm and advanced features are not included.
1. An LDAP query is used to determine the Maximum Password Age for the domain.
2. A list of users is also determined via an LDAP query.
3. First user from the list is processed.
4. The pwdlastset attribute value is determined for this user.
5. The number of days before the password expires is determined based on the Maximum Password Age as well as the value contained in pwdlastset.
6. There is a check to determine if the user matches the conditions specified in the configuration (List users whose passwords are going to expire in X days, Notification options and some Advanced settings).
7. If the user matches the conditions specified then the user is added to the report. If not then the next user in the list is processed.