DESCRIPTION
This script policy automatically sets the account expiration for every created user account.
Note This code may use functions from the Active Roles Script Policy Best Practices. Please, follow the link to obtain instructions and code for those functions.
SCRIPT
'*********************************************************************************
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
' PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
'*********************************************************************************
' The script policy sets account expiration for each new user account.
' Account expiration is set to 90 days from current date,
' e.g. the date of creation.
' NOTE:
' Account expiration is stored in AD in accountExpires attribute.
' The accountExpires attribute has a LargeInteger syntax.
' There is no known way to convert date/time value to a large integer in a script.
' Plus, Request object does not implement IADsUser interface, only IADs and IADsPropertyList.
' That's why account expiration can not be set in onPreCreate and separate network
' call in onPostCreate handler is required.
Sub onPostCreate (Request)
' Optimization: process only user accounts
If Request.Class <> "user" Then Exit Sub
' Get curent date and add 90 days to it
dateNow = Date
expirationDate = DateAdd("d",90,dateNow)
' Set the account expiration date
DirObj.AccountExpirationDate = expirationDate
DirObj.SetInfo
End Sub
'***** END OF CODE ***************************************************************