Notify users before password expires

Similar Messages

• DS5.2p4 plugin to notify users of password expiration

  My problem:
  I'm testing per account password policies and most of our ldap client apps are brain dead and won't display the "password is about to expire" message.
  My Solution:
  I was thinking of writing a "preop bind" plugin to send an email to the user. But, the way page 120 reads of the plugin developers guide, I can't "intercept" the "password expiring" control, LDAP_CONTROL_PWEXPIRING.
  My other solution is to just write a script that does an ldapsearch for "passwordExpWarned != 0" and send an email notification. Call the script from cron and it's done.
  I'd like to do this as a plugin, but the more I look, the less elegant the solution would be.
  Any suggestions would be welcome.
  Thanks,
  Roger S.

  Check the following thread ..
  How to create an alert in Oracle Applications
  How to create an alert in Oracle Applications

• Days Before Password Expires

  Hi,
  Our customer would not like to make their users change ME login password.
  However, I don't know the valid range of "Days Before Password Expires" in system rule maintenance.
  Could anybody tell me the current specification?
  I wonder it maybe possible by setting a huge value (ex. 10000 days) and/or 0 day to "Days Before Password Expires".
  Regards,
  Takahiro

  Hello Takahiro,
  You will have to change the password at next login if you set this value to 0. However, it seems as though 10000 is acceptable value.
  Regards,
  Alex.

• Is there a way to alert user about password expiration

  Hi,
  Can we set up some trigger in OIM to kick off a task (or an email notification) x number of days before the user's password expires?
  Any help is appreciated.
  Thanks

  Sure.
  A scheduled task that reads the USR_PWD_EXPIRE_DATE from the USR table.
  You should also be able to read the value using the findUsers API from tcUserOperationsIntf.
  Good luck
  Martin

• Production site is not functioning due to an User Login Password expire.

  Hi All,
  SQL Server 2005
  We have an issue with user login password expire. Generally we create logins without password expire but the user is unable to login to the server and getting password expire error.
  a) What would be the reasons behind this scenario.
  b) How to resolve this issue.
  c) How can we avoid this issue in future.
  I'm really grateful to your valuable suggestions on this. Thank You.
  Regards,
  Kalyan.
  ----Learners Curiosity Never Ends----

  Hi,
  In addition, you can use
  ALTER LOGIN (Transact-SQL) to configure the enforcement of password policy options of a SQL Server login.
  When CHECK_POLICY is changed to OFF, CHECK_EXPIRATION will also be set to OFF. The following combinations of policy options are not supported:
  If MUST_CHANGE is specified, CHECK_EXPIRATION and CHECK_POLICY must be set to ON. Otherwise, the statement will fail.
  If CHECK_POLICY is set to OFF, CHECK_EXPIRATION cannot be set to ON. An ALTER LOGIN statement that has this combination of options will fail.
  More information, please see policy enforcement section in the following TechNet article:
  http://technet.microsoft.com/en-us/library/ms161959.aspx
  Thanks.
  Tracy Cai
  TechNet Community Support

• Exempt UME user for password expiration

  Is there a way to exempt a user from the password expiration setting? For example, passwords for all users are set to expire every 90 days, but a user id, say "monitor_user", is used in monitoring application to perform an automated logon check. Every 90 days when the password expires, the monitor fails. Is there a way to set this user's password not to expire?
  Thanks

  Glen and Giorgio,
  Let me see if I can clear things up a little bit.
  First, there is the security policy which is controlled by the UME properties. This defines password length, logon ID length, etc. These properties apply to the entire AS Java and cannot be trimmed down for individual users. How they apply to users in different data sources also varies. For example, these properties are ignored to some extent if you have an ABAP system as your user store. See the following link:
  http://help.sap.com/saphelp_nw04s/helpdata/en/7f/c52442ad9f5133e10000000a155106/frameset.htm
  Second, as of NW 04s SPS 7 a new user attribute was added, named "security policy". For individual users you can choose one of the following security policies:
  default users (user can logon, password rules apply)
  technical users (user can logon, password does not expire)
  internal service users (user cannot logon, usually do not have passwords)
  There is a fourth policy: unknown users, applies to certain users mapped from an AS ABAP.
  In SPS 7 I believe and latest in SPS 8, you have limited abilities to change the security policy of the user with identity management. You can change the policy from unknown or default to technical but not back.
  In SPS 9 and later you can change the policy from unknown or default to technical and from unknown or technical to default.
  I wonder if support misunderstood your question and thought you were referring to the first type of security policy and not the second.
  Message was edited by: Michael Shea

• Alert user Pending password expiration

  I am looking remind users to change their passwords ahead of time.
  I am manually checking the passwords every day. Group policy is not an option in this case.
  I need to alert the user by email that their Active Directory password will expire in x day's
  This would query a specific OU
  Im looking for this myself, I have no scripting knowledge but eager to learn.
  Has anyone done this already?
  Thanks for reading
  confuseis

  That looks good Thanks. 
  Only thing is that I would need to run this against a specific OU, infuse this with the script below?
  e.g. Ou=Users,Ou=London,DC=WestEurope,DC=Contoso,DC=com
  # Please Configure the following variables....
  $smtpServer="mail.server.com"
  $expireindays = 21
  $from = "Company Administrator <[email protected]>"
  #Get Users From AD who are enabled
  Import-Module ActiveDirectory
  $users = get-aduser -filter * -properties * |where {$_.Enabled -eq "True"} | where { $_.PasswordNeverExpires -eq $false } | where { $_.passwordexpired -eq $false }
  foreach ($user in $users)
    $Name = (Get-ADUser $user | foreach { $_.Name})
    $emailaddress = $user.emailaddress
    $passwordSetDate = (get-aduser $user -properties * | foreach { $_.PasswordLastSet })
    $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
    # Check for Fine Grained Password
    if (($PasswordPol) -ne $null)
      $maxPasswordAge = ($PasswordPol).MaxPasswordAge
    else
      $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    $expireson = $passwordsetdate + $maxPasswordAge
    $today = (get-date)
    $daystoexpire = (New-TimeSpan -Start $today -End $Expireson).Days
    $subject="Your password will expire in $daystoExpire days"
    $body ="
    Dear $name,
    <p> Your Password will expire in $daystoexpire days.<br>
    To change your password on a PC press CTRL ALT Delete and chose Change Password <br>
    <p>Thanks, <br>
    </P>"
    if ($daystoexpire -lt $expireindays)
      Send-Mailmessage -smtpServer $smtpServer -from $from -to $emailaddress -subject $subject -body $body -bodyasHTML -priority High
  confuseis

• User account password expired

  Everytime I try to install updates or downloads.I amtaken to the user account that says my password has expired, I have tried everywhere to try and reset. Best so far is to reinstall windows 8. Are there any other options?

  Hi,
  Firstly, as this forum is for Remote desktop services related question, please let us know if you are just running a standalone Windows 8 PC. If so, it is recommended to post the question
  in Windows 8 forums for help.
  Windows 8 Community
  http://answers.microsoft.com/en-us/windows/forum/windows_8?auth=1
  Windows 8.1 IT Pro forums
  http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
  Meanwhile, you can go to Local Users and Groups (lusrmgr.msc), right click the user account and choose Properties, check Password never expires.
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Portal Users Passwords expiring

  In 9.02 it seems my portal users passwords seem to expire for no reason. When it happens, I have to go in and manually re-set their passwords. Is this a bug or is there some place to control this.

  Set the number of seconds before password expiration that the directory server
  sends the user a warning. By default the "Password Expiration Warning"
  parameter is set to 0, which disables the expiration warning.
  Also if the users need to be able to login after the password expiration set
  the "Number of Grace Logins after Password Expiration" parameter to a
  number greater than 0.
  Change these parameters in the following manner:
  1. Start the Oracle Directory Manager from the home of the iAS Infrastructure
  2. Login as the OID administrator, i.e. orcladmin
  3. Click on the + on the left of Password Policy Management
  4. Click on your password policy to change the settings on the right pane
  5. Set the Password Expiration Warning in seconds i.e. 259200 for 3 days.
  6. Set the Number of Grace Logins after Password Expiration to a greater than 0
  value i.e. 1. This will add a last opportunity for the user after his/her
  password expired.

• Capturing the Message on the Login Page (Invalid user/password expired etc.

  Hi, I have a requirment for capturing the error message on the Login page if the User's Account is expired or Account is Disabled or Invalid credentials, Password Lockout etc.
  I am using the attached login page. Can any one please help me out on this.
  <html><head><title>AARPLogin Page</title>
  <script type="text/javascript" language="JavaScript" xml:space="preserve">
  // This function automatically gets called for broswer detection
  var isNav4 = false;
  var isIE4 = false;
  var isNS6 = false;
  function obDetectBrowser()
  if ( navigator.appVersion.charAt( 0 ) == "4" )
  if ( navigator.appName == "Netscape" )
  isNav4 = true;
  } else {
  isIE4 = true;
  else
  if ( navigator.appVersion.charAt( 0 ) >= 5 )
  if ( navigator.appName == "Netscape" )
  isNS6 = true;
  obDetectBrowser ();
  var HOSTNAME =
  var COOKIE_OBREQUESTEDURL = "OBREQUESTEDURL";
  var COOKIE_OBFORMLOGINCOOKIE = "ObFormLoginCookie";
  var NCID_LANDING_PAGE_URL = "/landing/";
  var QS_REDIR = "ReDir";
  var keyChooser;
  function checkPasswordEnterKey( event )
  var form = document.forms[0];
  if (isNav4 || isNS6) {
  keyChooser = event.which ;
  } else if (isIE4) {
  keyChooser = window.event.keyCode;
  if (keyChooser == 13) {
  if (
  form.userid.value
  && form.userid.value != ""
  && form.password
  && form.password.value != ""
  form.submit();
  return true;
  else
  alert('Please enter a UserId and Password');
  return false;
  function showHidePanel( panelID, displayValue )
  var panelElement = document.getElementById( panelID );
  if ( displayValue == 'show' )
  panelElement.style.display = 'block';
  else
  panelElement.style.display = 'none';
  function getQueryVariable( variable )
  var query = window.location.search.substring( 1 );
  var vars = query.split( "&" );
  for ( var i=0; i < vars.length; i++)
  var pair = vars[ i ].split( "=" );
  if ( pair[ 0 ] == variable )
  return unescape( pair[ 1 ] );
  return "";
  function Get_Cookie( name )
  var nameEQ = name + "=";
  var ca = document.cookie.split( ';' );
  for( var i=0; i < ca.length; i++ )
  var c = ca[ i ];
  while ( c.charAt( 0 )==' ' )
  c = c.substring( 1, c.length );
  if ( c.indexOf( nameEQ ) == 0 )
  return c.substring( nameEQ.length, c.length );
  return null;
  function Set_Cookie( name, value, expires, path, domain, secure)
  document.cookie = name + "=" + escape( value ) +
  ( ( expires ) ? ";expires=" + expires.toGMTString() : "" ) +
  ( ( path ) ? ";path=" + path : "" ) +
  ( ( domain ) ? ";domain=" + domain : "" ) +
  ( ( secure ) ? ";secure" : "" );
  function Delete_Cookie( name, path, domain )
  if ( Get_Cookie( name ) )
  document.cookie = name + "=" +
  ( (path) ? ";path=" + path : "" ) +
  ( (domain) ? ";domain=" + domain : "" ) +
  ";expires=Thu, 01-Jan-1970 00:00:01 GMT";
  function lostPassword()
  var CurrentLogin = document.forms[0].userid.value;
  if ( CurrentLogin == "" ) {
  alert ( "Please enter your eMail Address." );
  document.forms[0].userid.focus();
  else {
  Set_Cookie( COOKIE_OBFORMLOGINCOOKIE, "done", 0, "/" );
  var LOST_PWD_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=passwordChallengeResponse&login="+CurrentLogin+"&backUrl=http://oradev2.na.aarp.int/login/login.html&target=top";
  window.location = LOST_PWD_PAGE;
  function emailPassword()
  document.passform.submit();
  function onLoad()
  if (getQueryVariable( "MSG" ) == 'LOGIN_FAILED' )
  alert ("Login Failed, Please try again");
  else if (getQueryVariable( "MSG" ) == 'PWD_EXP' )
  alert ("Your Password Is About to Expire. Please Change it at your earliest convenience.");
  var pwdExpUID = getQueryVariable( "login" );
  var hostTarget = getQueryVariable( "hostTarget" );
  var resURL = getQueryVariable( "resURL" );
  var PWD_EXP_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+pwdExpUID+"&backURL="+hostTarget+resURL+"&target=top";
  window.location = PWD_EXP_PAGE;
  else if (getQueryVariable( "MSG" ) == 'CHGPWD' )
  alert ("You are required to change your password.");
  var chgPwdUID = getQueryVariable( "login" );
  var hostTarget = getQueryVariable( "hostTarget" );
  var resURL = getQueryVariable( "resURL" );
  var CHG_PWD_PAGE = "http://"+HOSTNAME+"/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+chgPwdUID+"&backURL="+hostTarget+resURL+"&target=top";
  window.location = CHG_PWD_PAGE;
  </script></head><body onload="onLoad();document.login.userid.focus();" alink="blue" bgcolor="#ffffff" link="blue" vlink="blue">
  <p align="center">
  <img alt="AARP Header Logo" src="login_files/aarpLogo.gif" border="0" height="91" width="219">
  <br>
  </p><form name="login" method="post" action="/access/oblix/apps/webgate/bin/webgate.so">
  <div class="boldText" align="center">
  <h2>Login</h2>
  <div class="boldText" align="left">
  <div id="LoginFailed" style="display: none;">
  <table align="center" bgcolor="#ff0000" border="0" cellpadding="2" cellspacing="0" width="500">
  <tbody><tr>
  <td>
  <table bgcolor="#e5e5e5" border="0" cellpadding="5" cellspacing="0" width="100%">
  <tbody><tr bgcolor="#ffffff">
  <td rowspan="3" height="40" nowrap="nowrap" valign="top">
  <img src="login_files/error.gif" name="error" height="20" width="20">
  </td>
  <td rowspan="3" align="center">
  <p>
  <font color="#ff0000" size="-1">
  <b>
  <div id="TryAgain" style="display: none;">Login Failed! Invalid UserID and/or Password, Please try again.<br></div>
  <div id="AccountLocked" style="display: none;">Your Account has been Locked!</div>
  </b>
  </font>
  </p>
  <p>
  <font color="#ff0000">
  <b>For
  assistance call E-Services Help Line at (XXX) XXX-XXXX Monday through
  Friday between the hours of 8:00 am and 5:00 pm eastern standard time.</b>
  </font>
  </p>
  </td>
  </tr>
  <tr bgcolor="#ffffff">
  </tr><tr bgcolor="#e5e5e5">
  </tr></tbody></table>
  </td>
  </tr>
  </tbody></table>
  </div>
  <br>
  </div>
  <table border="0" cellpadding="0" cellspacing="0" width="500">
  <tbody><tr>
  <td background="login_files/border_upper_left.gif" height="20" nowrap="nowrap" width="20"> </td>
  <td background="login_files/border_top.gif" height="20" nowrap="nowrap"> </td>
  <td background="login_files/border_upper_right.gif" height="20" nowrap="nowrap" width="20"> </td>
  </tr>
  <tr>
  <td background="login_files/border_left.gif" nowrap="nowrap" width="20"> </td>
  <td>
  <table bgcolor="#ebebce" border="0" cellpadding="2" cellspacing="0" height="100%" width="100%">
  <tbody><tr>
  <td colspan="3" align="center">
  <font color="darkred" face="Arial" size="3">
  <b>
  </b></font>
  <b> </b></td>
  </tr>
  <tr valign="bottom">
  <td colspan="3" width="100%">
  <table bgcolor="#ebebce" border="0" cellpadding="5" cellspacing="0" width="100%">
  <tbody><tr bgcolor="#e5e5e5">
  <td rowspan="2" bgcolor="#ebebce" height="20" nowrap="nowrap" valign="top" width="4%">
  <font color="#000000">
  <span class="text">
  <img src="login_files/arrow.gif" align="top" height="20" width="20">
  </span>
  </font>
  <font color="#000000"> </font>
  </td>
  <td rowspan="2" bgcolor="#ebebce" width="96%">
  <font color="#000000" size="-1">
  <span class="text">Please enter your Email and Password. If you are a new user to AARP, please select First Time AARP User.
  </span>
  </font>
  </td>
  </tr>
  <tr bgcolor="#e5e5e5">
  </tr></tbody></table>
  </td>
  </tr>
  <tr valign="bottom">
  <td colspan="3">
  <table align="center" border="0" width="349">
  <tbody><tr>
  <td nowrap="nowrap" width="74">
  <font color="#000000" size="-1">
  <div align="left">eMail:</div>
  </font>
  </td>
  <td width="265">
  <input name="userid" value="" size="32" maxlength="32" tabindex="2" type="text">
  </td>
  </tr>
  <tr>
  <td>
  <font color="#000000" size="-1">
  <div align="left">Password:</div>
  </font>
  </td>
  <td>
  <p>
  <font color="#000000" size="-1">
  <input name="password" size="32" maxlength="32" length="30" tabindex="3" type="password">
  </font>
  </p>
  </td>
  </tr>
  </tbody></table>
  </td>
  </tr>
  <tr>
  <td>
  <font color="#000000" size="-1">
  <p align="center"><b>Forgot Your Password?</b></p>
  </font>
  </td></tr>
  <tr>
  <td align="center"> <font color="#000000" size="-1"><!--
  Reset Password      
  -->
  Email New Password
  </font>
  </td></tr>
  <tr>
  <td colspan="4">
  <div class="boldText" align="center">
  <br>
  <input src="login_files/button_login.gif" name="Submit" value="" alt="login" type="image">
  <!--
  <b class="boldText"><img src="../images/button_login.gif" width="68" height="25" name="img_login" border="0" alt="login"/></b>
  --> <b class="boldText"><img src="login_files/button_clear.gif" name="img_clear" alt="clear" border="0" height="25" width="68"></b>
  <b class="boldText"><img src="login_files/button_help.gif" name="img_help" alt="help" border="0" height="25" width="68"></b>
  <b class="boldText"><img src="login_files/button_cancel.gif" name="img_cancel" alt="cancel" border="0" height="25" width="68"></b>
  </div>
  </td>
  </tr>
  </tbody></table>
  </td>
  <td background="login_files/border_right.gif" nowrap="nowrap" width="20"> </td>
  </tr>
  <tr>
  <td background="login_files/border_lower_left.gif" height="20" nowrap="nowrap" width="20"> </td>
  <td background="login_files/border_bottom.gif" height="20" nowrap="nowrap"> </td>
  <td background="login_files/border_lower_right.gif" height="20" nowrap="nowrap" width="20"> </td>
  </tr>
  </tbody></table>
  <p></p>
  <span class="text"><br><br><b>NOTICE:
  This system is the property of AARP and is for authorized use only.
  Unauthorized access is a violation of federal and state law. All
  software, data transactions, and electronic communications are subject
  to monitoring.</b></span>
  <div id="hr" style="position: absolute; width: 100%; height: 10px; z-index: 90; top: 657px; left: 10px;">
  <hr>
  </div>
  <div id="footer" style="position: absolute; width: 700px; height: 55px; z-index: 115; top: 678px; left: 50px;">
  <span class="subhead">
  Privacy Policy
  Disclaimer
  Contact Us
  </span>
  <span class="bodytext">
  </span></div>
  <form name="passform" action="http://oradev2.na.aarp.int/wampassword/passwordReset.html" method="post">
  <input name="login" value="" type="hidden">
  <input name="backUrl" value="http://oradev2.na.aarp.int/login/login.html" type="hidden">
  </form>
  <script type="text/javascript" language="JavaScript" xml:space="preserve">
  var undefined;
  if (
  document.login
  && document.login.password
  function clearForm()
  document.login.reset();
  function navigate( linkName )
  if ( 'login' == linkName )
  if ( document.accountLogin.userID.value != '' && document.login.password.value != '' )
  alert('Please click the Account Registration Setup link for now');
  //document.location = 'userDataPersonal.htm';
  else
  alert('Please enter a UserId and Password');
  function openHelp()
  helpDoc = window.open( "http://www.aarp.org", "", "scrollbars=yes,resizable=yes,width=500,height=300" );
  function cancel()
  // open dialog
  var initX = parseInt( window.screenX ) + parseInt( window.outerWidth ) / 2 - 100;
  var initY = parseInt( window.screenY ) + parseInt( window.outerHeight ) / 2 - 50;
  cancelDialog = window.open( "./cancelDialog.html", " cancelDialog", "resizable=yes,toolbar=no,menubar=no,width=200,height=150,screenX=" + initX +",screenY=" + initY );
  </script>
  </div></form></body>
  <script type="text/javascript">
  <!--
  function __RP_Callback_Helper(str, strCallbackEvent, splitSize, func){var event = null;if (strCallbackEvent){event = document.createEvent('Events');event.initEvent(strCallbackEvent, true, true);}if (str && str.length > 0){var splitList = str.split('|');var strCompare = str;if (splitList.length == splitSize)strCompare = splitList[splitSize-1];var pluginList = document.plugins;for (var count = 0; count < pluginList.length; count++){var sSrc = '';if (pluginList[count] && pluginList[count].src)sSrc = pluginList[count].src;if (strCompare.length >= sSrc.length){if (strCompare.indexOf(sSrc) != -1){func(str, count, pluginList, splitList);break;}}}}if (strCallbackEvent)document.body.dispatchEvent(event);}function __RP_Coord_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_Coord_Callback = str;pluginList[index].__RP_Coord_Callback_Left = splitList[0];pluginList[index].__RP_Coord_Callback_Top = splitList[1];pluginList[index].__RP_Coord_Callback_Right = splitList[2];pluginList[index].__RP_Coord_Callback_Bottom = splitList[3];};__RP_Callback_Helper(str, 'rp-js-coord-callback', 5, func);}function __RP_Url_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_Url_Callback = str;pluginList[index].__RP_Url_Callback_Vid = splitList[0];pluginList[index].__RP_Url_Callback_Parent = splitList[1];};__RP_Callback_Helper(str, 'rp-js-url-callback', 3, func);}function __RP_TotalBytes_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_TotalBytes_Callback = str;pluginList[index].__RP_TotalBytes_Callback_Bytes = splitList[0];};__RP_Callback_Helper(str, null, 2, func);}function __RP_Connection_Callback(str){var func = function(str, index, pluginList, splitList){pluginList[index].__RP_Connection_Callback = str;pluginList[index].__RP_Connection_Callback_Url = splitList[0];};__RP_Callback_Helper(str, null, 2, func);}
  //--></script></html>

  Is it not possible that someone fired the password expiration cmd ?
  SQL> select limit
    2  from   dba_profiles
    3  where  profile='DEFAULT'
    4  and resource_name='PASSWORD_LIFE_TIME';
  LIMIT
  UNLIMITED
  SQL> select profile from dba_users where username='MYUSER';
  PROFILE
  DEFAULT
  SQL> conn myuser/myuser
  Connected.
  SQL> conn / as sysdba
  Connected.
  SQL> alter user myuser password expire;
  User altered.
  SQL> conn myuser/myuser
  ERROR:
  ORA-28001: the password has expired
  Changing password for myuser
  New password:
  Password unchanged
  Warning: You are no longer connected to ORACLE.
  SQL> conn / as sysdba
  Connected.
  SQL> select name, astatus, TO_CHAR(ctime,'DD-MM-YYYY HH:MI') CTIME, TO_CHAR(ptime,'DD-MM-YYYY HH:MI') PTIME, TO_CHAR(EXPTIME,'DD-MM-YYYY HH:MI') EXPIRE
    2  from sys.user$ where name ='MYUSER';
  NAME
     ASTATUS CTIME
  PTIME
  EXPIRE
  MYUSER
           1 23-11-2011 11:15
  23-11-2011 11:15
  23-11-2011 11:17
  SQL>Nicolas.

• Cannot get user password expiration status with Jco 2.1

  I am using Jco 2.1. Is it possible to get the status of the user's password (expired or not) using Jco, or is there any BAPI which can do this task. I get an exception in Jco when the user is locked or does not have any access to the respective function groups, but no exceptions in this case. It allows the user to conenct to SAP even when the password has expried.
  In the code, I am using JCo Client connect and disconnect. It connects sucessfully, even when the password has expired in SAP.
  Many thanks in advance. Any pointers to this issue is appreciated.
  Regards,
  Siva

  Please refer to the link,
  Checking user password status with SAP JCO

• Process Password Expiration

  I wish to know how can I search for users who have certain password expiration date.
  For example, base on the date, I would like to send different emails to user. 1 months before expiration date, user receives a reminder email, 7 days before expiration date, user receives a warning email.
  I don't want to scan one by one all the users, get user object, then get the expiration date and do the comparison. I think this is too slow for a big number of users.
  Is there any faster way? for example by using attribute condition? How?
  Thank you,
  Steve

  I've done this a couple times using the per-account reconciliation workflow. Its certainly not glamorous, but it does work.
  The requirement was to notify AD users one moth and one week before password expiration. Reconciliation was run nightly against AD and I added a per-account workflow. The workflow checked the account expiration attribute and calculated how far it was away from today. If it was 30 or 7 days, I send an email reminder to the user.
  The solution did not significantly impact performance. A couple things you'll need to keep in mind. One, add a bunch of conditions up front to keep the speed up. Two, the variable userName is available in the per-account workflow when the recon condition is MATCHED. Finally, you're bound to your reconciliation schedule, so you may have to do some conditionals to make sure you aren't reminding people every night or every week.

• Want a solution for a scenario-To Set Password expiration in OID from OIM

  Hi,
  I have one scenario. Please guide me in some details to achieve this.
  I have one password policy in OIM. When user's password expires in OIM, then his password should also expire in OID. We have OID as user's repository.
  For this I have one solution but dont know how to implement this in OIM.
  "OID has the LDAP attribute called “pwdMaxAge” map this attribute to the OIM resource object and reset this value to number of days (as per password policy) whenever you change the password in OIM. This will set the password expiration time in the OID without having the password policy in place. "
  Plesae suggest.
  Thanks in advance.

  Well here is what you can do:
  - For OIM the user's password will be governed with the Xellerate User password policy, which says that password must be changed every 28 days. So you are good in handling this in OIM.
  Now for OID side, you have two options - *1. User changes OID password directly* and *2. User changes OID password through update in OIM profile password*. Most probably tou would want the second case. If true then here is what you can do.
  - As user changes the OIM password. Create automatic trigger Change User Password which updates the password in the process form of OID.
  - This invokes the Password Updated task.
  - On SUCCESS of this task, call another task which goes to OID target and updates the attribute pwdMaxAge to Current date + 28
  Thanks
  Sunny

• Password expiration mail and schedule tasks

  Dear Experts,
  To best of my observation OIM has OOTB feature to send mail on password expiry.
  Kindly suggest how do I find
  Query1 – how many days password get expired?
  Query2 – Which mail will be send to user when password expires?
  Query3 – Which schedule task does this?
  OIM version is 9.1.0.2.
  Kindly suggest.
  Thanks,
  S M

  In OIM 10g the schedule task name is Password Expiration Task. This task sends e-mail to users whose password expiration date has passed at the time when the task runs. It is determined by the USR table field USR_PWD_EXPIRE_DATE. The email template name is given as one of the attributes to this schedule task. That particular email is sent. The name of the email definition is "Password Expired". After that it updates the USR_PWD_EXPIRED flag on the user profile.
  Edited by: Durgaprasad on Apr 9, 2013 11:15 PM

• Email notification to user prior to password expire

  Hi All
          I have a requirement wherein I need to send  a mail to all users to change their password 2 days before it expires. I found that in table URS02 , field PWDCHGDATE  gives the last date when password was changed..Can anybody help me to build further logic so that the users will get mail 7 days prior to expiry date of their password, say 30 days is my password validity.
  If anybody has worked on this kind of requirement , pls give your inputs on same..
  Regards
  Babita

  Hi there,
  I am faced with the same request.
  Could you please share your solution?
  Regards,
  Thomas.