Multiple password expiration reminder emails

Question

I want to send reminder emails that a users password is going to expire when their password is going to expire in 14, 7, 3, and 1 days.

I have setup 4 different scheduled tasks, each one runs daily at 9am. The tasks are as follow:

• Task 1 - if password will expire in less than 15 days then send email
• Task 2 -if password will expire in less than 8 days then send email
• Task 3 - if password will expire in less than 4 days then send email
• Task 4 - if password will expire in less than 1 day then send email

The problem with this is that once the criteria for Task 2 is met, it's also meeting the criteria for Task 1, and the user gets 2 emails, one from Task 1 and another from Task 2. This compounds for Task 3 and 4, where the user ends up getting 3 and 4 emails.

It's unnecessary for the user to get multiple back-to-back emails like this. I'm not finding any way to alleviate this symptom using the logic afforded by the scheduled tasks themselves. Am I going to have to transition to running a daily PowerShell script, where I do the actual password expiration check in the PowerShell script?

Answer 1

Hello,

There is no need to use PowerShell script. You can achieve what you need using built-in conditions. Also, you need only one Scheduled Task with only one set of actions and conditions. To create such a task:

1. Launch Adaxes Administration Console.
2. Right-click your Adaxes service node, navigate to New and click Scheduled Task.
3. On step 3 of the Create Scheduled Task wizard, select User object type and click Next.
4. Click Add Action and select Send e-mail notification.
5. Fill in the fields and click OK.
6. Right-click the action you have created and click Add Condition.
   
7. Select If <property><relation><value>.
8. Select If PasswordExpiresDaysLeft equals 14 and click OK.
   
9. Repeat steps 6-8 for each condition you need (7, 3 and 1 day).
10. Click the AND logical operator to change it to OR.
    
11. Finish creating the Scheduled Task.

You should have something like the following:

Comments

The problem with your suggested route is that I'm sending a different email for each condition (they get slightly more annoying the closer you are to expiration).

I see you are using a different property in your suggestions, PasswordExpiresDaysLeft. I am using "if the user password will expire in less than X days", which is why I am getting the multiple emails firing on each separate task. I'm also getting the email sent daily, which isn't the intended result. I want 1 email at 14 days left, 1 email at 7 days left, 1 at 3 days left, and 1 email at 1 day left.

If I maintain my 4 separate actions, and switch the condition to PasswordExpiresDaysLeft, can I achieve my result intended result, or will I still have overlap?

I also have a task that sends an SMS "if password has expired". The intention is for this SMS to be sent only one time, but I now see it's sending it every day when the task runs. Is there a condition I can use that will cause this to only be sent once?

---

Hello,

If I maintain my 4 separate actions, and switch the condition to PasswordExpiresDaysLeft, can I achieve my result intended result, or will I still have overlap?

Yes. That is exactly what you need. The Task will look like the following:

Is there a condition I can use that will cause this to only be sent once?

You need to add a condition that will check whether a notification has already been sent. For this purpose, you can use a certain flag. When sending the notification, you can set the flag to prevent further notifications. When a user changes or resets a password, the flag needs to be removed.

To achieve this, we recommend using a Boolean Adaxes Custom Attribute (e.g. CustomAttributeBoolean1). Adaxes custom attributes are virtual properties that are not stored in Active Directory, but can be used as any other property of directory objects. To set the flag, you can set the attribute to True, and to remove it, you can clear the attribute. In other words, your task will look something like the following:

To add the required actions and conditions to your Scheduled Task:

1. Launch Adaxes Administration Console.
2. Navigate to Configuration/Scheduled Tasks and select the task.
3. Right-click the Send e-mail notification action and click Add New Action in the context menu.
   
4. Select Update the User and click Add.
   
5. Select CustomAttributeBoolean1 in the Property to modify drop-down list.
6. Select True in the New value field and click OK.
   
7. Right-click the Send e-mail notification action again and click Add Condition in the context menu.
8. Select If <property><relation><value>.
9. Select If CustomAttributeBoolean1 does not equal True and click OK.
   
10. Click Add action to a new set in the Result Pane.
    
11. Select Update the User and click Add.
12. Select CustomAttributeBoolean1 in the Property to modify drop-down list.
13. Select Remove property and click OK twice.
    
14. Double-click Always and select If account/password <expiration status>.
15. Select If the User password has not expired and click OK.
    
16. Right-click the action you have created and click Add Condition in the context menu.
    
17. Select If <property><relation><value>.
18. Select If CustomAttributeBoolean1 equals True.
    
19. Click OK and save the changes.