Adaxes

User account expires is "unspecified"

0 votes

Hi,

I set up a scheduled task to disabled expired accounts. The date is set to AD by our HR software - always set to %date% 12:00 AM.

My condition is set to: image.png

I noticed more than expected accounts got disabled, cause Adaxes shows their account expires attribute as "unspecified". AD attribute editor shows as normal "never".

Also I can set this "unspecific" value to accounts ... why?

Looking into account expire property with Powershell I can see "never" has value "9223372036854775807" "unspecified" has value "0" image.png

How can I look for those accounts? I didn't found any filter option.

Thanks.

by (1.1k points)

1 Answer

0 votes
by (272k points)

Hello,

The behavior is by design in AD. It allows you to have accounts that never expire, that expire on a specific date and that do not have the property specified. In fact, user that have the Account Expires set to 9223372036854775807 or 0 will both never expire. If you want to have a condition that will only be met for users that have the Account Expires set to 0 (unspecified), use the following approach: image.png

Related questions

0 votes
1 answer
Remove User Groups from User with account expires after one month with a scheduled task

Hello! how do i manage do get adaxes to remove all groups from the user after one month? We have a Business Rule where you can add an end of Date when the Account ... value field the powershell script works but not with the +1 Month. Thanks for your help!

asked Jun 14, 2023 by eww ag (140 points)
0 votes
1 answer
Business Rule to set Account Expires to 5 pm

Hello, I'd like the change the behavior of the account expires field from end of the day meaning 12am the next day to a specific time on the date specified. Example 5pm on ... got the idea from here: https://mikefrobbins.com/2013/12/12/set ... owershell/

asked Jul 31, 2019 by polley (1.2k points)
0 votes
1 answer
What is the best way of establishing the last logon when a user account has both a AD and AzureAD user account?

I am unsure how to deal with this because of how Adaxes treats one identity account as two different objects, an AD and AzureAD user account, and both has different last logon values. What is a good way to combine the data?

asked Apr 22 by Daniel (100 points)
0 votes
1 answer
Is there a way to update the account expiry after a user logs into a computer?

Hello, I'm trying to create a business rule that will update a user account expiry date when that user logs in for the first time. I'm new to Adaxes, so I don't have a ... updated by a user's action, such as "Last Logon". Is it possible to make this work?

asked Mar 6 by sjjb2024 (60 points)
0 votes
1 answer
What specific permission is needed in a security role to grant access to enable a user account?

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
3,358 questions
3,057 answers
7,805 comments
545,186 users