0 votes

I want to send reminder emails that a users password is going to expire when their password is going to expire in 14, 7, 3, and 1 days.

I have setup 4 different scheduled tasks, each one runs daily at 9am. The tasks are as follow:

  • Task 1 - if password will expire in less than 15 days then send email
  • Task 2 -if password will expire in less than 8 days then send email
  • Task 3 - if password will expire in less than 4 days then send email
  • Task 4 - if password will expire in less than 1 day then send email

The problem with this is that once the criteria for Task 2 is met, it's also meeting the criteria for Task 1, and the user gets 2 emails, one from Task 1 and another from Task 2. This compounds for Task 3 and 4, where the user ends up getting 3 and 4 emails.

It's unnecessary for the user to get multiple back-to-back emails like this. I'm not finding any way to alleviate this symptom using the logic afforded by the scheduled tasks themselves. Am I going to have to transition to running a daily PowerShell script, where I do the actual password expiration check in the PowerShell script?

by (220 points)

1 Answer

0 votes
by (226k points)
selected by
Best answer

Hello,

There is no need to use PowerShell script. You can achieve what you need using built-in conditions. Also, you need only one Scheduled Task with only one set of actions and conditions. To create such a task:

  1. Launch Adaxes Administration Console.
  2. Right-click your Adaxes service node, navigate to New and click Scheduled Task.
  3. On step 3 of the Create Scheduled Task wizard, select User object type and click Next.
  4. Click Add Action and select Send e-mail notification.
  5. Fill in the fields and click OK.
  6. Right-click the action you have created and click Add Condition.
  7. Select If <property><relation><value>.
  8. Select If PasswordExpiresDaysLeft equals 14 and click OK.
  9. Repeat steps 6-8 for each condition you need (7, 3 and 1 day).
  10. Click the AND logical operator to change it to OR.
  11. Finish creating the Scheduled Task.

You should have something like the following:

0

The problem with your suggested route is that I'm sending a different email for each condition (they get slightly more annoying the closer you are to expiration).

I see you are using a different property in your suggestions, PasswordExpiresDaysLeft. I am using "if the user password will expire in less than X days", which is why I am getting the multiple emails firing on each separate task. I'm also getting the email sent daily, which isn't the intended result. I want 1 email at 14 days left, 1 email at 7 days left, 1 at 3 days left, and 1 email at 1 day left.

If I maintain my 4 separate actions, and switch the condition to PasswordExpiresDaysLeft, can I achieve my result intended result, or will I still have overlap?

I also have a task that sends an SMS "if password has expired". The intention is for this SMS to be sent only one time, but I now see it's sending it every day when the task runs. Is there a condition I can use that will cause this to only be sent once?

0

Hello,

If I maintain my 4 separate actions, and switch the condition to PasswordExpiresDaysLeft, can I achieve my result intended result, or will I still have overlap?

Yes. That is exactly what you need. The Task will look like the following:

Is there a condition I can use that will cause this to only be sent once?

You need to add a condition that will check whether a notification has already been sent. For this purpose, you can use a certain flag. When sending the notification, you can set the flag to prevent further notifications. When a user changes or resets a password, the flag needs to be removed.

To achieve this, we recommend using a Boolean Adaxes Custom Attribute (e.g. CustomAttributeBoolean1). Adaxes custom attributes are virtual properties that are not stored in Active Directory, but can be used as any other property of directory objects. To set the flag, you can set the attribute to True, and to remove it, you can clear the attribute. In other words, your task will look something like the following:

To add the required actions and conditions to your Scheduled Task:

  1. Launch Adaxes Administration Console.
  2. Navigate to Configuration/Scheduled Tasks and select the task.
  3. Right-click the Send e-mail notification action and click Add New Action in the context menu.
  4. Select Update the User and click Add.
  5. Select CustomAttributeBoolean1 in the Property to modify drop-down list.
  6. Select True in the New value field and click OK.
  7. Right-click the Send e-mail notification action again and click Add Condition in the context menu.
  8. Select If <property><relation><value>.
  9. Select If CustomAttributeBoolean1 does not equal True and click OK.
  10. Click Add action to a new set in the Result Pane.
  11. Select Update the User and click Add.
  12. Select CustomAttributeBoolean1 in the Property to modify drop-down list.
  13. Select Remove property and click OK twice.
  14. Double-click Always and select If account/password <expiration status>.
  15. Select If the User password has not expired and click OK.
  16. Right-click the action you have created and click Add Condition in the context menu.
  17. Select If <property><relation><value>.
  18. Select If CustomAttributeBoolean1 equals True.
  19. Click OK and save the changes.

Related questions

0 votes
1 answer

Right now I have a scheduled task that runs on all user accounts and sends and HTML email to users when their password will expire. The problem with this method is that ... to look for users with expiring passwords. I could use some help sorting that out.

asked Jul 10, 2020 by dtb147 (250 points)
0 votes
1 answer

Can you help us understand how the password expiration is sourced, is it calculated by Adaxes or just displayed based on an AD attribute? We have some users that apparently do ... the field "Password Expiration Date" but we don't know how that is populated.

asked Jul 28, 2015 by theckel (520 points)
0 votes
1 answer

Hi, we are using a scheduled job in Adaxes to notify users that their password will expire in x days. Now, we as IT were approached by Marketing to set up all ... ;/div&gt; &lt;/body&gt; &lt;/html&gt; Your help would be highly appreciated kind regards Ingemar

asked Mar 2, 2015 by ijacob (960 points)
0 votes
1 answer

I need a report script that will email me a list of the users with these field values: DN,cn,display name,%adm-PasswordExpires% Thanks!

asked Aug 8, 2012 by mpaul (360 points)
0 votes
0 answers

Hello, I have a nice branded HTML email I'd like to use for the Self Service Invite and Self Service Password reset Emails. Is it possible to use HTML in the test fields under ... text so I'm guessing I can't but figured I'd ask rather than assume! Thanks!

asked Nov 19, 2015 by drew.tittle (810 points)
2,779 questions
2,511 answers
6,574 comments
25,626 users