Send password expiration notifications to users

Scheduled tasks enable you to send notifications to your users when their passwords or accounts are about to expire. Out-of-the-box, Adaxes provides two built-in scheduled tasks for this purpose – Password expiration notifier and Account expiration notifier. They are configured to send email messages to a user when their password/account expiration date approaches, but they are disabled by default.

In this tutorial, you will learn how to activate the Password expiration notifier task, customize the email notification template, and send password expiry notifications via SMS.

  1. Launch Adaxes Administration console.

     How
    • On the computer where Adaxes Administration console is installed, open Windows Start menu.

    • Click Adaxes Administration Console.

  2. Expand Adaxes service \ Configuration \ Scheduled Tasks \ Builtin and select Password expiration notifier.

  3. The actions performed by the scheduled task will be displayed on the right.

    By default, the task is configured to run daily and send an email message to each user whose password will expire in 7 days or less. This means users will receive a message every day until their password expires or they change it.

    If necessary, you can configure the task to send the notification only once, for example, when the password will expire in exactly 7 days.

     How
    • Right-click the condition and then click Edit Condition in the context menu.

    • In the Condition Parameters section, specify Password - will expire in - exactly - 7 days.

    • Click OK.

  4. To customize the subject and body of the notification email, right-click the Send e-mail notification action, and then click Edit Action.

    You can use value references in the email notification template. They will be replaced with the corresponding property values of the user's account when a notification is sent. For example:

    • %mail% – replaced with the user's email address.
    • %adm-PasswordExpiresDaysLeft% – replaced with the number of days left until the password expires.
    • %adm-PasswordExpires% – replaced with the date when the password expires.

    When finished customizing the notification template, click OK.

    Using scripts

    It is also possible to send email notifications using a PowerShell script.

     How
    • Right-click the Send e-mail notification action, and then click Edit Action.

    • In the Edit Action dialog, select the Run a program or PowerShell script action.

    • Click the Edit button.

      Click the button to provide a custom description for the action.

    • To send an email message from a script, you need to call the SendMail method of the predefined PowerShell variable $Context.

      The following script sends an email message to the user:

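      # Value references (%...%) are replaced with the user's property values.
      $to = "%mail%"
      $subject = "Your password expires in %adm-PasswordExpiresDaysLeft% days"
      # Plain-text body, written as a here-string.
      $bodyText =
      @"
      Dear %name%,
      
      Your password expires on %adm-PasswordExpires%.
      You can change the password anytime at %adm-WebInterfaceUrl%.
      "@
      # No HTML version of the message is supplied.
      $bodyHtml = $null
      # Send the message via the predefined $Context variable.
      $Context.SendMail($to, $subject, $bodyText, $bodyHtml)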
      

      For information on how to create scripts for business rules, custom commands, and scheduled tasks, see Server-side scripting.

  5. You can also send urgent notifications via SMS. For example, you may want to send an SMS when the user's password is about to expire in 1 day.

     How
    • Click Add new action set.

    Add action

    • Right-click Do nothing, and then click Add Action in the context menu.

    • In the Add Action dialog, select the Send SMS action.

    • Enter %mobile% into the To field. Value reference %mobile% will be replaced with the user's Mobile Phone property value.

    • Enter the SMS message text into the SMS text field. For example:

      Your password expires in 1 day
      

      You can use other value references (e.g. %name%, %department%, %title%) in the SMS text. Before sending an SMS message, Adaxes will replace the value references with corresponding property values of the user's account.

    • When finished, click OK.

    Add condition

    • Right-click Always, and then click Add Condition in the context menu.

    • Select the If account/password <expiration status> condition.

    • In the Condition Parameters section, specify Password - will expire in - exactly - 1 day.

    • Click OK.

  6. By default, the Password expiration notifier task is assigned to the All Objects scope. This means it will be executed for all user accounts in all domains managed by Adaxes.

    You can exclude specific users, groups, organizational units, business units, and domains from the activity scope of the task. For example, if you don't want the task to be executed for user accounts located in a specific organizational unit, you can exclude it.

     Step by step
    • In the Activity Scope section, click Add.

    • Make sure objects of the desired type are displayed in the list.

    • Click the object you want to exclude.

    • In the Assignment Options dialog, select the Exclude the selection option.

    • Click OK.

    Alternatively, you can apply the task to specific organizational units, groups of users, business units and domains. To do it, delete the All Objects assignment from the activity scope, and then add the objects you need.

     Step by step
    • Right-click All Objects, and then click Delete in the context menu.

    • In the Activity Scope section, click Add.

    • Click the object you want to include.

    • Click OK.

  7. Click Save changes.

  8. By default, the Password expiration notifier task is disabled. To enable the task, right-click it, select All Tasks, and click Enable.

Any changes made to built-in scheduled tasks can be discarded. To do it, right-click a scheduled task and then click Restore to Initial State in the context menu.
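
For the scripted notification in step 4, the following is an added example (not code from the Adaxes documentation) that sends both a plain-text and an HTML body, HTML-encodes the directory values before they reach the HTML part, and skips users who have no email address. The function name New-ExpiryMessage is hypothetical, and the use of $Context.LogMessage to write a warning to the task's execution log is an assumption not shown on this page.

```powershell
# Added example for the "Run a program or PowerShell script" action (step 4).
# The %...% value references are the ones used in the page's own script.
$to       = "%mail%"
$name     = "%name%"
$daysLeft = "%adm-PasswordExpiresDaysLeft%"
$expires  = "%adm-PasswordExpires%"
$url      = "%adm-WebInterfaceUrl%"

# Hypothetical helper: builds the subject, text body and HTML body.
function New-ExpiryMessage {
    param([string]$Name, [string]$DaysLeft, [string]$Expires, [string]$Url)

    # Directory attributes are data, not markup: encode them before
    # they are placed into the HTML body.
    $encName = [System.Net.WebUtility]::HtmlEncode($Name)
    $encDate = [System.Net.WebUtility]::HtmlEncode($Expires)
    $encUrl  = [System.Net.WebUtility]::HtmlEncode($Url)

    $text = @"
Dear $Name,

Your password expires on $Expires.
You can change the password anytime at $Url.
"@
    $html = "<p>Dear $encName,</p>" +
            "<p>Your password expires on <b>$encDate</b>.</p>" +
            "<p>You can change the password anytime at $encUrl.</p>"

    [pscustomobject]@{
        Subject  = "Your password expires in $DaysLeft days"
        BodyText = $text
        BodyHtml = $html
    }
}

if ([string]::IsNullOrWhiteSpace($to)) {
    # Assumption: $Context.LogMessage records a warning in the execution log,
    # so a user without a mailbox is visible to the administrator.
    $Context.LogMessage("Password expiry notice for $name not sent: no email address.", "Warning")
    return
}

$msg = New-ExpiryMessage -Name $name -DaysLeft $daysLeft -Expires $expires -Url $url
$Context.SendMail($to, $msg.Subject, $msg.BodyText, $msg.BodyHtml)
```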