Where does the "Expiring Passwords" data come from? For example, my AD account is set to expire in a couple of days, so I would expect to see it in this list but it's not there. Does this list populate off of an account's actual expiration date? Or is it populated based on the Password Policy and the last password reset done in the Via interface?
The latter. The product does not collect info about passwords from endpoints. So the expiration is based on the password policy and the last time it was reset through the product.
Hi Andrew,
may you clarify where is stored the Password Expiration Date of a user and/or account?
I mean, in which user and/or account attribute is recorded the Password Expiration Date in both the cases:
I'm asking because, our system, one day, sent thousand of emails with subject "Subject: Please reset your current expiring or expired password" for all user accounts. We figured out that is because of the default Email Event/Template: PasswordExpirationEvent with conjunction with our Password Policy, as you explained, but I still don't know which is the starting date used by the system to compute the Password Expiration Date of users that never reset/change password by the system.
For an account that has not had a password reset through the product, then the expiration is calculated from the date that the password policy was associated to the business source.
I'm not sure if that date is surfaced in the UI, but it is the DATE_ASSIGNED column in the T_AV_PASSWORD_POLICY_RESOURCE database table.
The latter. The product does not collect info about passwords from endpoints. So the expiration is based on the password policy and the last time it was reset through the product.