AD password expired check in Active Directory Query

Question

Hello i'm facing this issue and I could only find this solution.

Solved: AD password expired - DevCentral (f5.com)

For our flow is impossible to apply the same solution as we need to do that check almost at the end of the flow after dozen of other checks.

In the post is a link related with another possibility

if "pwdLastSet" + "Max-Pwd-Age" >= "now" "password is expired"

How can we translate this into the expr ?

expr {[mcget {session.logon.last.pwdLastSet + session.logon.last.maxPwdAge }] equals session.logon.last.LastLogonTimeStamp }

Is this expr correct ?

Kind regards

sebastiansierra · Answer

Hi,The expressión is wrong because you are trying to call some variables that doesn´t exist:1.session.logon.last.pwdLastSet =&nbsp;session.ad.last.attr.pwdLastSet2.session.logon.last.maxPwdAge=&nbsp;session.logon.last.attr.maxPwdAge3.session.logon.last.LastLogonTimeStamp=&nbsp;session.user.starttimeSo, the next step is to create an AD Query before Ad Auth and Required Attributes:1.pwdLastSet2.maxPwdAgeCould you try to configure the Ad Query and see if you receive the values from the AD? I´m trying to do it in my lab but for some reason, I don´t receive the&nbsp;maxPwdAge and I think that the problem is my AD

Forum Discussion

AD password expired check in Active Directory Query

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

AD password expired

Password Safety & Security: Passwords vs. Passphrases

Automate scp transfers using password

LTM Certificate expire

Azure Active Directory and BIG-IP APM Integration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS