Jump to content


Photo

Free Version - Expiration dates horribly wrong


  • Please log in to reply
3 replies to this topic

#1 TechOps

TechOps

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 07 February 2019 - 05:49 PM

I've been trialling the free version installed on a Windows 7 workstation against our Windows Server 2012 R2 domain controller, however the daily administrator e-mails have started alerting me with "passwords about to expire" which don't even appear a manually run report from within the configuration app.

 

For example, this morning's automated e-mail told me of a single user who's password is supposedly expiring in 3 days.

 

However, if I run the administrator report from the client station, it shows me 3 completely different users (no mention of the one from the automated e-mail) with passwords expiring in 12, 13, and 14 days respectively.  Something is VERY wrong with the functionality of this application.



#2 Kirill K

Kirill K

    Advanced Member

  • Administrators
  • PipPipPip
  • 75 posts
  • Gender:Male

Posted 07 February 2019 - 08:44 PM

Hi there,

 

Password Expiration Notification(PEN) operates with pretty simple algorithm, it is getting the following values of Active Directory:

1. Pwd-Last-Set attribute(pwdLastSet)

2. Maximum password age

3. E-mail-Addresses attribute(mail)

 

Then PEN calculates when the password is expired in by the following formula:

Maximum password age - (current day - pwdLastSet)

 

I do not think something wrong with PEN, maybe the password has been changed for that user before you run the report or you changed some settings of PEN.


Best regards,
Support Engineer
 


#3 TechOps

TechOps

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 08 February 2019 - 06:37 PM

-snip- Replaced by next post. Could not delete.  :/



#4 TechOps

TechOps

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 12 February 2019 - 11:59 PM

Hi there,

 

Password Expiration Notification(PEN) operates with pretty simple algorithm, it is getting the following values of Active Directory:

1. Pwd-Last-Set attribute(pwdLastSet)

2. Maximum password age

3. E-mail-Addresses attribute(mail)

 

Then PEN calculates when the password is expired in by the following formula:

Maximum password age - (current day - pwdLastSet)

 

I do not think something wrong with PEN, maybe the password has been changed for that user before you run the report or you changed some settings of PEN.

 

Hi Kirill,

 

Settings are as follows:

 

Enable Password Expiration Notifier - Checked

Send reports to administrators - Checked

List users who accounts or passwords expire in days or less - 14

 

Advanced - Configure:

Include data on expiring accounts in reports - Checked

Ignore users with "Change password at next logon" option enabled - Checked

Ignore users with "Password never expires" option enabled - Checked

Ignore users who do not have email accounts - Checked

Ignore users whose passwords have already expired - Checked

Specify the account that will be used for data collection from the managed domain - Checked

 

This however still does not explain why the list of accounts in the automated e-mail would so wildly differ from the list in the manually generated report.

 

For example, today's automated e-mail listed 3 accounts with expiry in 2, 4, and 4 days respectively.  However a freshly generated manual report lists 3 entirely different accounts with expiry in 11, 12, and 12 days respectively.  None of the accounts in one list are also in the other list.






0 user(s) are reading this topic

0 members, guests, anonymous users