Saviynt Forums

karamchand · ‎10/23/2024

When creating a new Active Directory account, I want to set the initial account password to expire after 14 days. So after 14th day user should not be able to login.

Is this possible to acheive through createAccountJSON?

rushikeshvartak · ‎10/23/2024

You can add date in accountExpires

accountExpires: "${(10000 * (new Date(new Date().getTime() + 14 * 24 * 60 * 60 * 1000).getTime() + 11644473600000 + 86340000)).toString()}"

Sample for format https://forums.saviynt.com/t5/identity-governance/accountexpires-attribute-not-setting-correct-times...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

karamchand · ‎10/23/2024

Thanks for your response.

I was looking for specifically for password Expiry, not account Expiry. When the password of an account expires, they are forced to change it next time they login.

So when you create an account, and you expect the user to login at least one within 14 days (2 weeks). If the user logs in within 14 days, all is good. Password counters get reset. If they didnt, the password will expire. So when they try to login after 14th day - they have to set a new password.

accountExpires - will expire a user account and then they will not be able to login without help from helpdesk/AD administrator.

Saviynt Forums

Setting password expiry on Active Directory account creation