How the password expiry notification works:
- When Password Manager runs the “Reminder to Change Password” scheduled task the following data is gathered.
- It looks at the password Last Set (pwdLastSet) attribute for each user.
- It finds the current date from the server
- It checks the relevant password policy for the “Maximum Password Age” value
- It also knows from the configuration of the “Remind Users to Change Password Enforcement Rule” how many days before a password is due to expire a reminder email should be sent out.
- The following formula is used to make that determination.
if c-(b-a) =< d then an email is sent to the user.
This is a simple example since there are other permutations in determining how frequently a user receives a notification but it illustrates the basic concept.
To test notifications:
- Create a new management policy for test purposes.
- Create a couple of test users in their own Test OU. Make sure these users have an email account.
- Determine the “Maximum Password Age” value from the password policy that gets applied to these users.
- Scope the Test OU to the management policies user scope.
- In the “Remind Users to Change Password” user enforcement rule change the value in the “Days before password expiration:” to the same value (or greater) as the “Maximum Password Age” value in the password policy.
- Enable and save the enforcement rule.
- Run the “Reminder to Change Password” scheduled task.
- The users scoped to the Test OU should receive a reminder email.
If users do not receive an email:
- Determine that the users are able to receive emails to their account.
- Delete the data in the comment attribute for the test user(s) created. This will unregister the user(s) remove any evidence that a user may have received an email in the past.
- Enable verbose logging.
PMAdmin | General Settings | Logging | Verbose Logs
- Run the “Reminder to Change Password” scheduled task. The user does not need to be registered.
- Open a support ticket and send all the Password Manager logs that were generated and the name of the test user(s).