FIM Password Expiration Notification E-Mail


  • Within FIM 2010 R2 I have created 2 sets called "Password Expiration Notification (7 Days)" and "Password Expiration Notification (Tomorrow)", the criteria I have set to populate these sets is:

    Select users that match all of the following conditions:

    Password Last Set prior to 35 days

    User account control = 512


    Select users that match all of the following conditions:

    Password Last Set prior to 41 days

    User account control = 512

    Our domain password policy stipulates passwords should be changed every 42 days.

    I've have the sets populating correctly and have followed the tutorial here to setup the workflows, email templates and MPRs to send an email to the user when they transition into one of the above sets.

    It is sort of working, in the sense it is sending emailed but when I look at the System Event Requests that appear under Search Events emails are only being sent to users who password have already expired and not all of the members of the sets.

    Anybody able to suggest a reason why emails are not being sent to all members of the sets? 

    Saturday, February 15, 2014 3:23 PM

All replies

  • At first, I would try to find corresponding requests to find if they were completed correctly. It would verify if each user has email attribute set or if FIMService account failed to send an email (and why). If everything is correct, check your mail engine - maybe it failed somehow.

    Keep trying

    Saturday, February 15, 2014 4:10 PM
  • I only see completed requests for the users who's passwords have already expired, no requests (even ones that failed) for users in the set who's passwords have not yet expired, but are due to.

    It looks like something is not being trigged by FIM, but I don't know why...

    Saturday, February 15, 2014 4:30 PM
  • Any more thoughts on this?  Is there any tracing or additional logging I can enable to troubleshoot this further?
    Monday, February 17, 2014 5:31 PM
  • Hello

    I read your conditions as PWDLastSet Prior to 41 Days because you have connected both conditions with an AND and both conditions met in case 41 days are gone since the last PWD Change Operation.

    I think you should try "Match all": "PWDLastSet Prior to 35 days ago" AND "PWDLastSet after 41 days ago".


    Thursday, February 20, 2014 8:20 PM
  • I should have been clearer....

    They are 2 seperate sets... not within the same set.

    Thursday, February 20, 2014 8:22 PM
  • Thursday, February 20, 2014 8:32 PM