Password and Account Expiration Notification

ADSelfService Plus enables you to send email, SMS, and push notification to Active Directory users with soon-to-expire passwords and accounts. You can send multiple reminder notifications on specific days with varying degrees of importance to users to prompt them to change their passwords before they expire.

Steps to configure password expiration notification settings in ADSelfService Plus

1. Log in to the ADSelfService Plus admin portal.
2. Navigate to the Configuration tab. Under Self-Service, select Password Expiration Notification.
3. Select the domains, OUs, or groups for which you want to send notifications.
4. Enter the Scheduler Name and select the Notification Type.
5. From the Notify via drop-down, select the method through which you want to send notifications (SMS, email, push notification, or any combination of the three).
   
   
   
6. Configure the Notification Frequency as:
   • Daily
   • Weekly
   • On specific days: For instance, you can choose to email the first password expiration reminder when it's 15 days to password expiration, the second when it's 10 days, the third when it's seven days, the fourth when it's three days, and so on.
     
     
     
7. Set the Schedule Time to generate the notification message at a specific time.
8. Type in the notification Subject and Message in their respective fields. There are character limitations for the notification messages based on the notification method chosen. To learn more about these limitations, refer to the character limits section.
   Notes:

   • With ADSelfService Plus, you can set priority levels for the email notifications as High, Medium, or Low by clicking on the ! at the top-right corner of the message field. A notification message sent closer to a user's password expiration date requiring urgent action can carry a higher priority level than one sent ten days ahead of time.
   • ADSelfService Plus supports macros that help you create user-specific messages using AD attributes. To learn more, visit the macros section.
9. You can attach any valid file (less than 25 MB) along with the notification email.
10. Click the Advanced link.
    • In the Advanced pop-up window, you'll see options for excluding non-enrolled users, disabled users, or smart card users from receiving expiration notifications.
    • You can also choose to notify users whose passwords have already expired.
      
      
      
    • Select Retry notification if scheduler fails to notify users on configured day, if the notification does not reach the user on the scheduled day. This option is used only when the Notification Frequency is set to On specific days.
    • You can also send a notification delivery status message to users' managers or to an admin.

      Click the Customize link to:

      • Create the subject and message and set the priority level of the notification.
      • Set the attachment type, its storage path, and whether you want the attachment to be a compressed file or not.
      • Specify the email address of the admin you want to send the report to.

      Click on the back button to exit the Customize Admin/Manager Notification window.

    • Click Done to close the Advanced pop-up window.
11. Click Save.

Macros

A macro, in general, refers to a pattern or rule that states how a particular input should be mapped to a replacement output. The use of macros helps reduce redundancy and repetitive tasks. For example, instead of having to enter specific names for messages directed towards specific users, you can use a particular attribute like sAMAccountName, and the value associated with that attribute for each user will get updated in the messages.

• You can address users either by their initials, displayName, or any of the other supported attributes in ADSelfService Plus.

  Supported LDAP attributes: givenName, sn, initials, displayName, userPrincipalName, sAMAccountName, name, email, and distinguishedName.

• You can also use multiple attributes in combination, and append the macros in ADSelfService Plus.

  Example: A user can be referred to by their FirstName followed by their employeeID, i.e, %givenName%_%employeeID%

• Custom attributes can also be used as macros. To create a custom attribute, go to Configuration → Self-Service → Directory Self-Service, and click Manage Custom Attributes. Enter the Display Name, LDAP Name, and the Data Type, and click Add.

  The attributes created can be edited and updated at a later stage or can be deleted. The custom attribute created here appears in the list of macros in Password Expiry Notification and can be added in the notification message.

Character limits for notification messages

1. The push notification content should not exceed 185 characters, including the subject and the message. If it does, the content will be truncated to fit the character limit. The character limit for non-English languages are given below:
   • 60 characters for Japanese and Chinese.
   • 95 characters for Arabic and Russian.
   • 185 characters for Spanish, German, and Italian.
   • 178 characters for French, Swedish, and Polish.
2. The SMS notification content should not exceed the character limit set by the SMS service provider.