Forum Discussion

Greg_130338's avatar
Greg_130338
Icon for Nimbostratus rankNimbostratus
Apr 23, 2014

AD Password Expiration

Hey all, we've recently cut over to using the BigIP to front end our citrix xenapp environment. Before, users were notified at logon to the citrix web gateways when their password was 14 days out from expiring and gave them an option to reset it then. Now using APM, the user is notified on the day that the pw has expired.

 

Is there anyway to replicate that functionality where a user would be notified ahead of time and be given the opportunity to change it via APM?

 

Thanks all

 

-GR

 

  • Greg_Crosby_319's avatar
    Greg_Crosby_319
    Historic F5 Account

    Ad ad query after ad authentication in your access policy, this can be done by opening virtual policy editor and clicking the + sign on the successful branch for your ad authentication object. Within the properties tab of ad query, there is an option to prompt user in x number of days prior to their password expiration date.

     

    • Greg_Crosby_319's avatar
      Greg_Crosby_319
      Historic F5 Account
      I think what you want is to leave the fallback branch and remove all the other branches.
    • Carlos_13563's avatar
      Carlos_13563
      Icon for Cirrus rankCirrus
      Now that we have version 11.5 we added AD query to existing policy virtual editor flow on successful. Now the AD query has to branch Successful and fallback, so if the user has an expiration of more than 5 days, that's our setup, it goes to fallback. How do we remove the fallback branch.