Password Expiry not working

Support forums for the Habitat Automate plugin
Post Reply
cires316
Posts: 28
Joined: Fri Jan 19, 2018 11:33 pm
6

Password Expiry not working

Post by cires316 »

It worked fine with the prior individual plugin.

I had a client setup in the prior plugin and I re-setup in the habitat plugin but it does not seem to be scanning. I put all the exact info I had in the other plugin.

Notify is on
AD server is selected on dropdown
days to notify are set
DN for the user OU is set
mail notification body is set

Under results it is showing proper dates for last scan date but no users are coming up.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Password Expiry not working

Post by Cubert »

Could you send over some screenshots for us?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Password Expiry not working

Post by Cubert »

Yea, don't bother... we found an issue. Looks like we removed the call to load that view in last set of edits. Must of been a fat finger event.

This will be fixed in 1.0.0.35 out later today. Auto updates will update the plugin for you tonight.

cires316
Posts: 28
Joined: Fri Jan 19, 2018 11:33 pm
6

Re: Password Expiry not working

Post by cires316 »

but is that a visual thing only? Because the users' aren't getting the emails either

cires316
Posts: 28
Joined: Fri Jan 19, 2018 11:33 pm
6

Re: Password Expiry not working

Post by cires316 »

Not seeing anything in the results yet and far as I can tell, users aren't getting the emails

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Password Expiry not working

Post by Cubert »

Ok so your not getting data back from the DC.

Can you confirm that the Habitat AD Password Expired Notifier script has run on the DC daily? You should see it being scheduled at 12 am and 1 pm daily. It scans the DC using LDAP and returns the user list. If the LDAP container is not valid it will fail to produce a list.


So let's check a few things:

#1 Do you see script being scheduled?

#2 Does c:\windows\ltsvc\expiryAD.ps1 on the Domain Controller exists?

#3 Try running the following on the DC in a powershell console as "Admin". Replace in the script below for @LDAPRoot@ the same setting you have for your LDAP in the plugin. Execute it and see if it prints out a list of users?

Code: Select all

$ErrorActionPreference = 'SilentlyContinue'
#write-host $data.count total lines read from file
$Users = Get-ADUser -SearchBase "@LDAPRoot@" -properties mail, useraccountcontrol, CannotChangePassword, passwordlastset, passwordneverexpires -filter * | select *, `
          @{label="passwordage";expression={(new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days}}, `
          @{label="daysleft";expression={($MaxPasswordAgeDays - ((new-timespan -end  (Get-Date) -start $_.PasswordlastSet).Days)) }} `
        | where {($_.CannotChangePassword -ne $True) `
            -and ($_.passwordneverexpires -ne $True) `
            -and ($_.UserAccountControl -ne 514) `
            -and ($_.mail -ne $null) `
            }
$i = 0
foreach ($user in $Users) {
	$Name = $user.name
	$Name = $Name -replace "\W"," "
	$UPN = $user.mail
	$DaysLeft = $user.daysleft
 
		write-output " '$UPN', '$Name', '$DaysLeft'"

}

#4 if script is being scheduled what is the logged output from the script execution?

Post that info here for us to review.

cires316
Posts: 28
Joined: Fri Jan 19, 2018 11:33 pm
6

Re: Password Expiry not working

Post by cires316 »

So i think it was either an issue with the sub OU i was testing with OR the fact the DC I was trying to use only had PS v2 installed on it.

I switched it to a 2016 DC and hit the OU 1 parent level up and now it's showing everything in there.

I think it really moreso might have been the DC I was using first

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Password Expiry not working

Post by Cubert »

Ah,

Oh yes the Habitat AD password expire scripts first duty is to test Powershell for version 3 or greater, if not it will exit script with a log message in the script logs that POSH is not usable.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Password Expiry not working

Post by Cubert »

Just fyi we released a new build today 1.0.0.36 which now revamps the Password expired tool.

See what it looks like here
viewtopic.php?f=62&t=5703&sid=f6a419086 ... 6e3c1e487f

Your plugins should auto update overnight and this will become available then.


Enjoy

Post Reply

Return to “Habitat”