none
Daily Password Expiration Reminder? Multiple Sets associated with single Management Policy Rule? RRS feed

  • Question

  • We want to send a daily reminder to users that their password is expiring in X Days starting 14 days out

    I've got the expiration date in the portal (using the PowerShell MA - Thanks Søren Granfeldt!!!) 

    I've got a set built one for each day so the users can Transition from 14 days to 1 day and each transition cause a temporal MPR to fire resulting in an email being sent to the user. 

    Instead of making 14 MPR's to correspond to the 14 Sets can we have the 14 sets associated with 1 MPR that fires off the email?

    Is there another way to go about this?

    Thanks;

    Jonathan

    Tuesday, April 1, 2014 1:56 PM

Answers

  • Each MPR can be associate with only 1 set so I don't think you can do this simply.

    One hackaround (using 1 set and 1 MPR) I can think is to calculate the number of days remaining into a separate attribute (using a WF) - Use this attribute in the email message (say //Target/PasswordExpiryDays)/ Then, after firing off the first email (say 14 days remaining), you set the password expiry date to something greater than 14 days using a function evaluator WF after the email WF triggers. This moves the user out of the set of users whose password is due to expire.

    When you do the sync next time, the password expiration date in the portal for this user will get updated and the user will move back into the set of Users whose password is due to expire in 14 days and the MPR will trigger again. The only issue here is that you need to make sure you sync this attribute only once per 24 hour period (apart from the fact this is a horrible hack!)

    Interesting question though - open to suggestions from FIM experts on how to go about this

    • Marked as answer by jmanley WI Tuesday, April 15, 2014 2:40 PM
    Tuesday, April 1, 2014 9:25 PM

All replies

  • Each MPR can be associate with only 1 set so I don't think you can do this simply.

    One hackaround (using 1 set and 1 MPR) I can think is to calculate the number of days remaining into a separate attribute (using a WF) - Use this attribute in the email message (say //Target/PasswordExpiryDays)/ Then, after firing off the first email (say 14 days remaining), you set the password expiry date to something greater than 14 days using a function evaluator WF after the email WF triggers. This moves the user out of the set of users whose password is due to expire.

    When you do the sync next time, the password expiration date in the portal for this user will get updated and the user will move back into the set of Users whose password is due to expire in 14 days and the MPR will trigger again. The only issue here is that you need to make sure you sync this attribute only once per 24 hour period (apart from the fact this is a horrible hack!)

    Interesting question though - open to suggestions from FIM experts on how to go about this

    • Marked as answer by jmanley WI Tuesday, April 15, 2014 2:40 PM
    Tuesday, April 1, 2014 9:25 PM
  • I used this article from Brad Turner on a prior deployment and it worked like a charm
    Monday, April 14, 2014 7:19 PM