AD Password Expiration

On NTAD/LDAP Sites, you can configure the Server through a registry key setting, to send an e-mail notifying users that their AD password is about to expire in <n> days. If the user's password expiration date matches any of the list of days in the registry key, a notification e-mail will be sent to the user’s e-mail address specified in the E-Mail address field of the user's AD account. This default setting sends e-mail notifications 30 days, 15 days, 10 days, 5 days, and 1 day before the password expires. You can edit the number of days and frequency to send notifications.

In the EFTClient directory of In the EFTClient directory of the Server installation folder,, the file PasswordChg_EmailInterval.reg provides a script to write the following key to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient]

"PasswordChg_EmailInterval"="30:15:10:5:1"

The string value is in the format of d1:d2:d3 etc. For example, the 30, 15, 10, 5, 1 interval values will be represented by 30:15:10:5:1. It can also be a single value, such as 25 which would send only one e-mail notification on the 25th day before expiration. If the string value is empty, no notifications are sent.

This feature can be turned off by running the PasswordChg_EmailInterval_None.reg script or setting the value of PasswordChg_EmailInterval to null (empty string). When the feature is turned off, notification e-mails are no longer sent to users when their passwords expire. (Both scripts are installed in the EFT Server installation folder, EFTClient subdirectory).

When the password has expired or if the password must be changed at the first login, the following message appears:

Your password has expired. Please create a new password that meets AD complexity requirements.

Related Topic

Changing an AD Password via the Web Transfer Client