Aegis Active Directory Password Expiry workflow

Hi, I am a complete newbie to this but would appreciate any assistance
with this. I am currently looking to work on a workflow for Aegis that will
check Active Directory for password expiry and email users to change their
passwords before they expire. I would appreciate assistance with this
workflow. Thanks.

imranulghar's Profile:

  • Hi Imranulghar,

    This type of question isn't really a technical support question, but
    since it's not a big workflow I can put together an answer in the form of a
    demo workflow for you so you can import it into your lab and hopefully
    get it running OK.

    There are a few main points.

    #1 The workflow will probably run on a schedule - the Aegis Scheduler
    adapter will tell the workflow when to start, possibly once a week.

    #2 The only complicated part of this workflow is the LDAP query to
    find the users whose passwords will expire in X days. The time format
    isn't standard but there is an easy PowerShell command which can be run
    in the workflow to calculate the upper and lower time settings of the
    LDAP query.

    #3 Once we find the users (depending on the method), we then need to
    query the user for the email address which we then use to send them the
    email. Loop through all users and end.

    So the open question would be: how do we connect to AD? Do you have
    NetIQ Directory and Resource Monitor? This has an installable Aegis
    adapter which can be used to perform the AD connection tasks.

    Without the adapter we can use the dsquery Windows AD commands to handle
    this. This will require parsing the screen output of the command, but
    that is not a big issue.

    I also have specific LDAP activities for AD and a generic LDAP adapter
    on the NetIQ Communities site which would also work - although these are
    not supported. Technically scripting isn't either but there are a lot
    of grey areas!

    If you don't have DRA I will do the demo based on the command line
    options - I'm on vacation for most of the next week or so but will get
    to you after that.


    martincotter's Profile:
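
The time calculation and LDAP query described in point #2 of the reply above, as an added example that is not part of the original thread or of any NetIQ workflow. The function names are hypothetical, and it assumes one domain-wide maximum password age passed in as a parameter (fine-grained password policies are ignored) and a domain-joined host for the search step.

```powershell
# Added example (hypothetical function names). pwdLastSet is stored as a Windows
# FILETIME: 100-ns ticks since 1601-01-01 UTC, hence the non-standard time format.
function Get-ExpiringPasswordFilter {
    param(
        [Parameter(Mandatory)][int]$MaxPasswordAgeDays,  # assumption: single domain policy value
        [Parameter(Mandatory)][int]$WarnDays,            # the "X days" look-ahead
        [datetime]$Now = (Get-Date)
    )
    if ($MaxPasswordAgeDays -le 0) { throw 'MaxPasswordAgeDays must be positive.' }
    if ($WarnDays -lt 0 -or $WarnDays -gt $MaxPasswordAgeDays) {
        throw 'WarnDays must be between 0 and MaxPasswordAgeDays.'
    }
    # Expiry = pwdLastSet + max age, so "expires between now and now + X" becomes
    #   now - maxAge <= pwdLastSet <= now + X - maxAge
    $lower = $Now.AddDays(-$MaxPasswordAgeDays).ToFileTimeUtc()
    $upper = $Now.AddDays($WarnDays - $MaxPasswordAgeDays).ToFileTimeUtc()

    # 1.2.840.113556.1.4.803 is the bitwise-AND matching rule on userAccountControl:
    #   2 = ACCOUNTDISABLE, 65536 = DONT_EXPIRE_PASSWORD.
    # mail=* skips accounts with no address; pwdLastSet=0 (must change at next
    # logon) falls below the lower bound and is excluded automatically.
    $filter = '(&(objectCategory=person)(objectClass=user)(mail=*)' +
              "(pwdLastSet>=$lower)(pwdLastSet<=$upper)" +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=65536)))'
    [pscustomobject]@{ Lower = $lower; Upper = $upper; Filter = $filter }
}

function Find-ExpiringUsers {
    param([Parameter(Mandatory)][int]$MaxPasswordAgeDays,
          [Parameter(Mandatory)][int]$WarnDays)
    $q = Get-ExpiringPasswordFilter -MaxPasswordAgeDays $MaxPasswordAgeDays -WarnDays $WarnDays
    $searcher = [adsisearcher]$q.Filter      # binds to the current domain
    $searcher.PageSize = 500                 # page results instead of truncating at the server limit
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', 'mail', 'pwdlastset'))
    foreach ($r in $searcher.FindAll()) {
        $set = [datetime]::FromFileTimeUtc([int64]$r.Properties['pwdlastset'][0])
        [pscustomobject]@{
            User       = [string]$r.Properties['samaccountname'][0]
            Mail       = [string]$r.Properties['mail'][0]
            ExpiresUtc = $set.AddDays($MaxPasswordAgeDays)
        }
    }
}

# Constructed sample: 90-day policy, 14-day warning, fixed clock; needs no AD connection.
(Get-ExpiringPasswordFilter -MaxPasswordAgeDays 90 -WarnDays 14 -Now ([datetime]'2024-06-01T00:00:00Z')).Filter
```

The filter string can also be passed to `dsquery * -filter` when the workflow uses the command-line route mentioned in the reply; the loop over the returned `Mail` values is where the notification step would go.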