0 votes

I want to send reminder emails that a users password is going to expire when their password is going to expire in 14, 7, 3, and 1 days.

I have setup 4 different scheduled tasks, each one runs daily at 9am. The tasks are as follow:

  • Task 1 - if password will expire in less than 15 days then send email
  • Task 2 -if password will expire in less than 8 days then send email
  • Task 3 - if password will expire in less than 4 days then send email
  • Task 4 - if password will expire in less than 1 day then send email

The problem with this is that once the criteria for Task 2 is met, it's also meeting the criteria for Task 1, and the user gets 2 emails, one from Task 1 and another from Task 2. This compounds for Task 3 and 4, where the user ends up getting 3 and 4 emails.

It's unnecessary for the user to get multiple back-to-back emails like this. I'm not finding any way to alleviate this symptom using the logic afforded by the scheduled tasks themselves. Am I going to have to transition to running a daily PowerShell script, where I do the actual password expiration check in the PowerShell script?

by (220 points)

1 Answer

0 votes
by (288k points)
selected by
Best answer

Hello,

There is no need to use PowerShell script. You can achieve what you need using built-in conditions. Also, you need only one Scheduled Task with only one set of actions and conditions. To create such a task:

  1. Launch Adaxes Administration Console.
  2. Right-click your Adaxes service node, navigate to New and click Scheduled Task.
  3. On step 3 of the Create Scheduled Task wizard, select User object type and click Next.
  4. Click Add Action and select Send e-mail notification.
  5. Fill in the fields and click OK.
  6. Right-click the action you have created and click Add Condition.
  7. Select If <property><relation><value>.
  8. Select If PasswordExpiresDaysLeft equals 14 and click OK.
  9. Repeat steps 6-8 for each condition you need (7, 3 and 1 day).
  10. Click the AND logical operator to change it to OR.
  11. Finish creating the Scheduled Task.

You should have something like the following:

0

The problem with your suggested route is that I'm sending a different email for each condition (they get slightly more annoying the closer you are to expiration).

I see you are using a different property in your suggestions, PasswordExpiresDaysLeft. I am using "if the user password will expire in less than X days", which is why I am getting the multiple emails firing on each separate task. I'm also getting the email sent daily, which isn't the intended result. I want 1 email at 14 days left, 1 email at 7 days left, 1 at 3 days left, and 1 email at 1 day left.

If I maintain my 4 separate actions, and switch the condition to PasswordExpiresDaysLeft, can I achieve my result intended result, or will I still have overlap?

I also have a task that sends an SMS "if password has expired". The intention is for this SMS to be sent only one time, but I now see it's sending it every day when the task runs. Is there a condition I can use that will cause this to only be sent once?

0

Hello,

If I maintain my 4 separate actions, and switch the condition to PasswordExpiresDaysLeft, can I achieve my result intended result, or will I still have overlap?

Yes. That is exactly what you need. The Task will look like the following:

Is there a condition I can use that will cause this to only be sent once?

You need to add a condition that will check whether a notification has already been sent. For this purpose, you can use a certain flag. When sending the notification, you can set the flag to prevent further notifications. When a user changes or resets a password, the flag needs to be removed.

To achieve this, we recommend using a Boolean Adaxes Custom Attribute (e.g. CustomAttributeBoolean1). Adaxes custom attributes are virtual properties that are not stored in Active Directory, but can be used as any other property of directory objects. To set the flag, you can set the attribute to True, and to remove it, you can clear the attribute. In other words, your task will look something like the following:

To add the required actions and conditions to your Scheduled Task:

  1. Launch Adaxes Administration Console.
  2. Navigate to Configuration/Scheduled Tasks and select the task.
  3. Right-click the Send e-mail notification action and click Add New Action in the context menu.
  4. Select Update the User and click Add.
  5. Select CustomAttributeBoolean1 in the Property to modify drop-down list.
  6. Select True in the New value field and click OK.
  7. Right-click the Send e-mail notification action again and click Add Condition in the context menu.
  8. Select If <property><relation><value>.
  9. Select If CustomAttributeBoolean1 does not equal True and click OK.
  10. Click Add action to a new set in the Result Pane.
  11. Select Update the User and click Add.
  12. Select CustomAttributeBoolean1 in the Property to modify drop-down list.
  13. Select Remove property and click OK twice.
  14. Double-click Always and select If account/password <expiration status>.
  15. Select If the User password has not expired and click OK.
  16. Right-click the action you have created and click Add Condition in the context menu.
  17. Select If <property><relation><value>.
  18. Select If CustomAttributeBoolean1 equals True.
  19. Click OK and save the changes.

Related questions

0 votes
1 answer

When I put more than one address in here I get an error if I use a semicolon it will save but doesn't email the second address. I have set my automation to use ... for each email address but thought that was cumbersome to manage. What might I be doing wrong?

asked May 9, 2023 by mightycabal (1.0k points)
0 votes
1 answer

Is it possible to setup a scheduled task for password expiration notifier to send one email a day for accounts whose password will expire in less than X amount of days that have ... expiring on the same day. There will be a lot of emails going at once.

asked Mar 20 by tromanko (330 points)
0 votes
1 answer

I'm using the default builtin password expiration notifier. I have it set to run everyday at 8AM, to check if the password will expire in &lt;7 days, and send an ... saw the task had been running for nearly 24 hours, no completion. What is happening here?

asked Sep 12, 2023 by keecit (60 points)
0 votes
1 answer

Right now I have a scheduled task that runs on all user accounts and sends and HTML email to users when their password will expire. The problem with this method is that ... to look for users with expiring passwords. I could use some help sorting that out.

asked Jul 10, 2020 by dtb147 (290 points)
0 votes
1 answer

Can you help us understand how the password expiration is sourced, is it calculated by Adaxes or just displayed based on an AD attribute? We have some users that apparently do ... the field "Password Expiration Date" but we don't know how that is populated.

asked Jul 28, 2015 by theckel (520 points)
3,535 questions
3,225 answers
8,218 comments
547,712 users