Account Expiration limit to 90 days in the future

We have an approval workflow for Contractors that requests approval from their manager to extend their account's expiration date. This gets triggered any time that the account expiration is changed. What is wanted is to make certain that the new expiration date is not more than 90 days from approval. In the approval workflow, we are setting the date to be current date + 90 days. However, this is not working: whatever date the account expiration is changed to, that is the date that the account expiration is being set to, instead of being set to current date + 90 days.

We are using a PowerShell function that converts the Account Expires and the number of days remaining before expiration (used in the approval notification).  Is there a way to set the $Request's AccountExpires to a date that is no more than 90 days out?

  • You can always intercept the accountexpiration date from the request, change it to whatever you want and re-insert it into the request.

    Some pseudo code:

    $CurrentExpDate = $Request.Get("AccountExpires")

    # Do some math to see whether this is > 90 days out

    # If not, yer done i.e. "return"

    # If it is, do some math to set the date to 90 days from now and replace the date in the Request

    $Request.Put("AccountExpires",$MyNewDate)

  • function onPreModify ($Request){
        # Makes sure we are working on user object, otherwise exit function
        if ($Request.class -ne 'user'){return}

        # Check that the AccountExpires is being changed, if not, exit function
        $accountExpires = $Request.Get("accountExpires")
        if (!$AccountExpires){return}

        # Get the DN DistinguishedName and user object that is being changed
        $strUserDN = $Request.DN;
        $User = Get-QADUser -Identity $strUserDN -properties accountexpires,employeetype

        # See if we're working with a contractor, if not leave function
        if($user.EmployeeType -ne "Contractor"){ return }
        # Set the maximum number of days out that an accountexpires can be set to
        $MaxDate = (Get-Date).AddDays(90)

        # Make certain that the Account Expires is not set to never expire
        if ($AccountExpires -ne "9223372036854775807") {
            # Converts the system date to a readable date format
            $AccountExpirationDate = [DateTime]::FromFileTime($accountExpires).addDays(-1)
            # Verify that the new expiration is not more than the maximum days; if it is, adjust it to the maximum days
            if ($AccountExpirationDate -gt $MaxDate){ $Request.Put("AccountExpires",(Get-Date $MaxDate).ToFileTime()) }
        }
    }
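
The handler above skips the cap when accountExpires is 9223372036854775807, and Active Directory also treats 0 as "never expires", so a contractor account switched to never expire passes through uncapped. The following is an added example, not code from the thread or the product: Limit-AccountExpires is a hypothetical helper, the sample values are constructed, and clamping "never expires" to the 90-day maximum is an assumed policy choice.

```powershell
# Added example. Limit-AccountExpires is a hypothetical helper name.
# It compares raw FILETIME integers, so the out-of-range "never expires"
# sentinel is never passed to [DateTime]::FromFileTime (which would throw).
function Limit-AccountExpires {
    param(
        [Parameter(Mandatory)] [string] $RequestedValue,  # raw accountExpires from the request
        [int] $MaxDays = 90,
        [datetime] $Now = (Get-Date)
    )

    # Both values mean "account never expires" in Active Directory
    $neverExpires = @('0', '9223372036854775807')
    $maxFileTime  = $Now.AddDays($MaxDays).ToFileTime()

    # Assumed policy: "never expires" is further out than any cap, so clamp it
    if ($neverExpires -contains $RequestedValue) { return $maxFileTime }

    $requested = [int64]$RequestedValue
    if ($requested -gt $maxFileTime) { return $maxFileTime }

    # Within the limit: keep what the requester asked for
    return $requested
}

# Constructed sample inputs, evaluated against a fixed "now" so the run is repeatable
$now = Get-Date '2024-01-01T00:00:00'
$cases = [ordered]@{
    'in 30 days'  = $now.AddDays(30).ToFileTime()
    'in 200 days' = $now.AddDays(200).ToFileTime()
    'never (0)'   = 0
    'never (max)' = '9223372036854775807'
}
foreach ($name in $cases.Keys) {
    $result = Limit-AccountExpires -RequestedValue $cases[$name] -Now $now
    '{0,-12} -> {1:yyyy-MM-dd}' -f $name, [DateTime]::FromFileTime($result)
}

# Inside onPreModify, after the user/Contractor checks from the post:
#   $raw = $Request.Get("accountExpires")
#   if ($raw) { $Request.Put("AccountExpires", (Limit-AccountExpires -RequestedValue $raw)) }
```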
