AD Password Expiration

On NTAD/LDAP Sites, you can configure EFT through a registry key setting to send an e-mail notifying users that their password is about to expire in <n> days. Without this value, EFT (for AD/LDAP Sites) will not attempt to check password status or send notification e-mails. If the user's password expiration date matches any of the list of days in the registry key, a notification e-mail will be sent to the user’s e-mail address specified in the E-Mailaddress field of the user's AD account. This default setting sends e-mail notifications 30 days, 15 days, 10 days, 5 days, and 1 day before the password expires. You can edit the number of days and frequency to send notifications.

EFT executes cleanup procedures every day at 00:00:00 UTC and at Server Startup. This daily server cleanup removes/disables inactive administrators and user accounts and sends password reset and expiration notifications for every Site.

The EFT must have "Log On as a domain user" permission for e-mail notifications to work.

In the Client directory of the Server installation folder, the file PasswordChg_EmailInterval.reg provides a script to write the following key to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Globalscape Inc.\EFT 4.0\EFTClient]

"PasswordChg_EmailInterval"="30:15:10:5:1"

The string value is in the format of d1:d2:d3 etc. For example, the 30, 15, 10, 5, 1 interval values will be represented by 30:15:10:5:1. It can also be a single value, such as 25, which would send only one e-mail notification on the 25th day before expiration. If the string value is empty, no notifications are sent.

(On a 64-bit OS, use the path [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient])

This feature can be turned off by running the PasswordChg_EmailInterval_None.reg script or setting the value of PasswordChg_EmailInterval to null (empty string). When the feature is turned off, notification e-mails are no longer sent to users when their passwords expire. (Both scripts are installed in the \Client directory).

When the password has expired or if the password must be changed at the first login, the following message appears:

Your password has expired. Please create a new password that meets AD complexity requirements.

EFT sends the message and logs the password checking activity, including whether e-mails are sent.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
v7.4.13 | 202309270722 | September 2023