0 votes

Hi,

I set up a scheduled task to disabled expired accounts. The date is set to AD by our HR software - always set to %date% 12:00 AM.

My condition is set to: image.png

I noticed more than expected accounts got disabled, cause Adaxes shows their account expires attribute as "unspecified". AD attribute editor shows as normal "never".

Also I can set this "unspecific" value to accounts ... why?

Looking into account expire property with Powershell I can see "never" has value "9223372036854775807" "unspecified" has value "0" image.png

How can I look for those accounts? I didn't found any filter option.

Thanks.

by (1.5k points)

1 Answer

0 votes
by (294k points)

Hello,

The behavior is by design in AD. It allows you to have accounts that never expire, that expire on a specific date and that do not have the property specified. In fact, user that have the Account Expires set to 9223372036854775807 or 0 will both never expire. If you want to have a condition that will only be met for users that have the Account Expires set to 0 (unspecified), use the following approach: image.png

Related questions

0 votes
1 answer

Hello! how do i manage do get adaxes to remove all groups from the user after one month? We have a Business Rule where you can add an end of Date when the Account ... value field the powershell script works but not with the +1 Month. Thanks for your help!

asked Jun 14, 2023 by eww ag (140 points)
0 votes
1 answer

I am experiencing that I can no longer use computed results such as password expiration date, days left, and so on. Is there any known cause of this? I have ... When sending an email through Scheduled Task, the parameter sends null data in the email.

asked Nov 22 by Daniel (160 points)
0 votes
1 answer

Hello, I'd like the change the behavior of the account expires field from end of the day meaning 12am the next day to a specific time on the date specified. Example 5pm on ... got the idea from here: https://mikefrobbins.com/2013/12/12/set ... owershell/

asked Jul 31, 2019 by polley (1.2k points)
0 votes
1 answer

I am unsure how to deal with this because of how Adaxes treats one identity account as two different objects, an AD and AzureAD user account, and both has different last logon values. What is a good way to combine the data?

asked Apr 22 by Daniel (160 points)
0 votes
1 answer

Hello, I'm trying to create a business rule that will update a user account expiry date when that user logs in for the first time. I'm new to Adaxes, so I don't have a ... updated by a user's action, such as "Last Logon". Is it possible to make this work?

asked Mar 6 by sjjb2024 (60 points)
3,589 questions
3,278 answers
8,303 comments
548,127 users