ITOM / Active Directory User Management Expiry Date


Sam P

I wish to set Active Directory account expiry to 12 hours after being generated. I'm using the Calculate Working Date/Time utility and then formatting the date to the required output to send to AD, and this is working fine; however, when I check the AD account I notice that the expiry is set to the end of the previous day and there is no scope for the time to be included. Is there an alternative way to achieve a 12-hour expiry?

The request could be initiated on any given day / time so should not end at midnight as in theory it could have been requested at 23:55 and still be needed for the full 12 hours, not 5 minutes!  Thanks in advance


  • 2 weeks later...

Hi @Sam P,

I've been looking at this date issue this morning, and it is working as documented & expected. Check out the output from the ITOM job for a user that I've created via ITOM, note the datetime that has been set: 

image.png

Note how the value I've provided is the same as the accountExpires attribute against the user object in Active Directory:

image.png

Now, in the Account Expires section of the Account tab, you'll see that the account expires at midnight the previous day:

image.png

This is actually a feature of Active Directory (a hangover from legacy NT domains, apparently), and not an issue with the ITOM package. It's definitely odd, but it is documented on the Microsoft website - see the note section from this article as an example:

image.png

This article contains a good explanation of what is going on here too: https://www.rlmueller.net/AccountExpires.htm.

Just a heads-up too, the other enhancements that you asked for are done and are currently in testing, so should be available in the next day or so :)

Cheers,

Steve
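
The relationship between the stored accountExpires value and the date shown on the Account tab, as an added example that is not part of the original thread or the ITOM package. The function names are hypothetical, the sample date is constructed, and the one-day-earlier display rule is modelled on the behaviour described in the post above, with the console's time zone assumed to be UTC.

```python
from datetime import datetime, timedelta, timezone

# accountExpires counts 100-nanosecond intervals since 1601-01-01 00:00 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # both values mean "never expires"


def to_account_expires(when):
    """Convert a timezone-aware datetime to an accountExpires integer."""
    if when.tzinfo is None:
        raise ValueError("use a timezone-aware datetime; the attribute is UTC")
    delta = when.astimezone(timezone.utc) - EPOCH_1601
    seconds = delta.days * 86_400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10


def from_account_expires(value):
    """Convert an accountExpires integer to UTC, or None for 'never'."""
    if value in NEVER:
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def expiry_after(created, hours=12):
    """accountExpires value for an account that must lapse `hours` after creation."""
    return to_account_expires(created + timedelta(hours=hours))


def console_end_of_date(value, console_tz=timezone.utc):
    """Date the Account tab would show as 'End of' (model, see lead-in)."""
    when = from_account_expires(value)
    if when is None:
        return None
    return (when.astimezone(console_tz) - timedelta(days=1)).date()


if __name__ == "__main__":
    # Constructed sample: the 23:55 request from the question.
    created = datetime(2021, 3, 9, 23, 55, tzinfo=timezone.utc)
    value = expiry_after(created)
    print("accountExpires :", value)
    print("stored instant :", from_account_expires(value).isoformat())
    print("console End of :", console_end_of_date(value))
```

When checking a short-lived account, read the accountExpires attribute itself, since the console date alone hides the time of day.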


@Steve G thanks for looking into this, it's a little limiting but cannot be helped. I'll try and work out how to add 24 hours to the account expiry and do it that way.

5 minutes ago, Steve G said:

the other enhancements that you asked for are done and are currently in testing, so should be available in the next day or so

Again - thanks, look forward to the update.
