• State Suggested Answer
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 63 subscribers
  • Views 73 views
  • Users 0 members are here
Options
Related

Is it possible to display passwordlastset in Web?

charleneforbes
4 days ago

Hi everyone,

The Active Roles console has an Additional Account Info tab which includes the password last set and password age (days) attributes; is there a way to display these in the web version?  I don't see them in the list when I try to customise the user menu.  I can do the command in Powershell to get the last set attribute from native AD but hoping I don't need to use virtual attribute to run the command when the information is already available in the console.  I'm using version 8.1.3.

Thanks in advance

Charlene

Parents
  • 0 12 hours ago

    The password age is calculated and is not stored in Active Directory or in an Active Roles Virtual Attribute. If you wish to display it, it will be necessary to perform a similar calculation using a custom script module.

    I created a Virtual Attribute called edsvaPasswordAge linked to Users which stores a DirectoryString value, and then implemented a policy that ran the below script module, and it worked in my lab:

    function onPostGet($Request)
{
    if ($Request.class -ne "user")
    {
        return
    }
    elseif($Request.IsAttributeRequested("edsvaPasswordAge"))
    {
        $DirObj.GetInfoEx(@("pwdLastSet"),0)
        $rawPwdLastSet = $DirObj.Get("pwdLastSet")
        $largeIntegerPwdLastSet = New-Object -ComObject AelitaEDM.EDMLargeInteger;
        $largeIntegerPwdLastSet.Set($rawPwdLastSet)
        $formattedPwdLastSet = $largeIntegerPwdLastSet.GetString()
        
        if($formattedPwdLastSet -eq '0')
        {
            $Request.Put("edsvaPasswordAge", '0')            
        }
        else
        {
            $pwdLastSet = $largeIntegerPwdLastSet.GetDate()
            $passwordAge = ((Get-Date) - $pwdLastSet)
            $Request.Put("edsvaPasswordAge", [string]$passwordAge.Days)
        }
    }
}

Reply
  • 0 12 hours ago

    The password age is calculated and is not stored in Active Directory or in an Active Roles Virtual Attribute. If you wish to display it, it will be necessary to perform a similar calculation using a custom script module.

    I created a Virtual Attribute called edsvaPasswordAge linked to Users which stores a DirectoryString value, and then implemented a policy that ran the below script module, and it worked in my lab:

    function onPostGet($Request)
{
    if ($Request.class -ne "user")
    {
        return
    }
    elseif($Request.IsAttributeRequested("edsvaPasswordAge"))
    {
        $DirObj.GetInfoEx(@("pwdLastSet"),0)
        $rawPwdLastSet = $DirObj.Get("pwdLastSet")
        $largeIntegerPwdLastSet = New-Object -ComObject AelitaEDM.EDMLargeInteger;
        $largeIntegerPwdLastSet.Set($rawPwdLastSet)
        $formattedPwdLastSet = $largeIntegerPwdLastSet.GetString()
        
        if($formattedPwdLastSet -eq '0')
        {
            $Request.Put("edsvaPasswordAge", '0')            
        }
        else
        {
            $pwdLastSet = $largeIntegerPwdLastSet.GetDate()
            $passwordAge = ((Get-Date) - $pwdLastSet)
            $Request.Put("edsvaPasswordAge", [string]$passwordAge.Days)
        }
    }
}

Children
No Data