Sam P Posted November 30, 2023 Share Posted November 30, 2023 I wish to set Active Directory account expiry to 12 hours after being generated. I'm using the Calculate Working Date/Time utility and then formatting the date to the required output to send to AD and this is working fine, however when I check the AD account I notice that the expiry is set to the end of the previous day and there is no scope for the time to be included. Is there an alternative way to achieve a 12 hour expiry? The request could be initiated on any given day / time so should not end at midnight as in theory it could have been requested at 23:55 and still be needed for the full 12 hours, not 5 minutes! Thanks in advance Link to comment Share on other sites More sharing options...
Graham Posted November 30, 2023 Share Posted November 30, 2023 Hi @Sam P So we can best understand what's going on, would you mind clarifying how you're processing the expiry date/time once it's been generated? Are you calling one of the ITOM packages and passing this value as a parameter? Graham Link to comment Share on other sites More sharing options...
Sam P Posted December 1, 2023 Author Share Posted December 1, 2023 Hi @Graham thanks, yes using Active Directory User Management - Update operation. I'm very new to ITOM (like, 1 week in!) so happy to have some pointers or to understand if there is a different/better way. Thank you. Link to comment Share on other sites More sharing options...
Graham Posted December 1, 2023 Share Posted December 1, 2023 Hi @Sam P Thanks for the update. It looks like you're doing all the right things, so in the first instance, I think we'll need to take a look at the operations inside the User Update package and make sure those are working as expected. Graham 1 Link to comment Share on other sites More sharing options...
Graham Posted December 11, 2023 Share Posted December 11, 2023 Hi @Sam P To follow up on this, it's now with the development team and an update to the package is expected early next week. Graham 1 Link to comment Share on other sites More sharing options...
Steve G Posted December 18, 2023 Share Posted December 18, 2023 Hi @Sam P, I've been looking at this date issue this morning, and it is working as documented & expected. Check out the output from the ITOM job for a user that I've created via ITOM, note the datetime that has been set: Note how the value I've provided is the same as the accountExpires attribute against the user object in Active Directory: Now, in the Account Expires section of the Account tab, you'll see that the account expires at midnight the previous day: This is actually a feature of Active Directory (a hangover from legacy NT domains, apparently), and not an issue with the ITOM package. It's definitely odd, but it is documented on the Microsoft website - see the note section from this article as an example: This article contains a good explanation of what is going on here too: https://www.rlmueller.net/AccountExpires.htm. Just a heads-up too, the other enhancements that you asked for are done and are currently in testing, so should be available in the next day or so Cheers, Steve Link to comment Share on other sites More sharing options...
Sam P Posted December 18, 2023 Author Share Posted December 18, 2023 @Steve G thanks for looking in to this, its a little limiting but cannot be helped. I'll try and work out how to add 24 hours to the account expiry and do it that way. 5 minutes ago, Steve G said: the other enhancements that you asked for are done and are currently in testing, so should be available in the next day or so Again - thanks, look forward to the update. Link to comment Share on other sites More sharing options...
Steve G Posted December 19, 2023 Share Posted December 19, 2023 Hi @Sam P, Your requested changes are now available for update in the ITOM Package Library: Thanks, Steve Link to comment Share on other sites More sharing options...
Sam P Posted December 19, 2023 Author Share Posted December 19, 2023 @Steve G Brilliant! Thanks so much Link to comment Share on other sites More sharing options...
Sam P Posted December 19, 2023 Author Share Posted December 19, 2023 IT Automations for Active Directory User Management. Added the ability to set the Change Password At Logon attribute when creating new User objects. Could this be extended to the Password Reset operation too @Steve G? Or an option in the Update operation? Link to comment Share on other sites More sharing options...
Steve G Posted December 19, 2023 Share Posted December 19, 2023 @Sam P Sure, apologies we should have added it there too. We'll get that done and let you know when it's live. Cheers, Steve 1 Link to comment Share on other sites More sharing options...
Steve G Posted December 19, 2023 Share Posted December 19, 2023 Hi @Sam P, That's done and released to live, give it 5 minutes and it'll be available in the package library on your instance: Cheers, Steve 1 Link to comment Share on other sites More sharing options...
Sam P Posted December 19, 2023 Author Share Posted December 19, 2023 @Steve G thanks for your help, this is great 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now