Highlights of Password Expiration

Highlights of Password Expiration

PasswordExpiration.pngEnforce password expiration with the flexibility of Web Part and email notifications, and cut down on IT overhead costs

Are you enforcing expiration of Active Directory Service account passwords, and as a result, your external users are having difficulty logging in to SharePoint due to expired passwords? Dramatically cut down on the overhead costs of troubleshooting login issues with the Password Expiration. Password Expiration provides an early warning system for SharePoint users when their password is about to expire.

Display a Message on a SharePoint Page

Display a Message on a SharePoint Page

Overview of Password Expiration settings

This topic describes how to use Password Expiration properly. It is assumed that the web part is properly installed, added to the desired page and the Active Directory Settings and SharePoint Settings options are configured.

Note: When the Password Expiration is installed, the Bamboo Password Expiration Reminder Web Part is added to the Web Part Gallery.

Step Action Result
1. To configure the Active Directory Settings and SharePoint Settings options, follow the steps described in each topic linked above.
2.

Expand the Password Expiration Rules option. Fill in the following sections:

  • Redirect Page URL: the user is automatically redirected to this URL.
  • Grace period: if the password of the currently logged in account expires in fewer days than specified in the Grace period, the currently logged in user is redirected to a different page based on the Web Part configuration.
3. Next, select the Display message in the Web Part option. Upon selecting this option, a rich text box appears as shown here:

hw23_DisplayMessage_new_2013.jpg
The information given in this text box is displayed to the user when their password expires within the specified grace period. The display message can include images, links, bullets, and text.

Optionally, you can modify the content by directly editing the HTML. Select the Edit HTML Source action icon from the rich text box menu options. Password Expiration also provides three optional variables that can be displayed in the message:

  • [Name] displays the Full Name of the current login account based on the SharePoint profile
  • [Days] displays the number of days until the current login account password expires
  • [URL] displays the URL specified in the Redirect Page URL setting
4. Click Apply, then click OK. hw23017_2013.jpg

NOTE: After successfully updating Password Expiration, the currently logged in user will see the message defined if their password expires within the specified grace period. If the user’s password does not expire within the defined grace period, no text is displayed.

Bamboo Solutions recommends setting the Web Part’s Chrome Type in the Web Part Tool Pane under the Appearance option to None for improved user experience. Additionally, Bamboo Solutions recommends the purchase and integration of Password Change to meet the needs of robust password change management.

Configuring the Password Expiration Web Part

Configuring the Password Expiration Web Part

After successfully adding the Password Expiration Web Part to a page, the web part can be configured.

NOTE: When Password Expiration is installed, the Bamboo Password Expiration Reminder Web Part is added to the Web Part Gallery.

To configure the Password Expiration Web Part, follow these steps:

  1. To modify the Web Part properties, select Edit Web Part from the drop-down menu of the Bamboo Password Expiration Reminder window.

Note: This menu is only accessible for users with proper access rights.

hw23_EditWebPart_new_2013.jpg

Note: You can also use the Web Part tab on the upper panel, and then click the Web Part Properties button to display the Bamboo Password Expiration Reminder tool pane.

  1. The Bamboo Password Expiration Reminder tool pane is displayed on the right side of the screen. Expand each section by clicking the plus sign next to the SharePoint Settings to configure the properties.

    hw23_WebPartSettingsplus_new_2013.jpg

When you have configured the web part, click Apply and then OK in the web part tool pane.

Click the links below for further details on the settings of the Password Expiration Web Part configuration:

Configuring Password Expiration is a process that includes several steps described in each link below:

  1. Add the Web Part to a Page
  2. Overview of Password Expiration settings
  3. Configure Settings for Active Directory
  4. Configure SharePoint Settings
  5. Configure Password Expiration Rules
  6. Localize the Password Change Web Part

Configure Password Expiration Rules

Configure Password Expiration Rules

Overview of Password Expiration settings

hw23_PassExpRulesSettings_new_2013.jpg This section determines the behavior of the Password Expiration Web Part. For further details of the Web Part behavior, see Use Cases. You can configure the following settings:

  • Redirect Page URL: Depending on the configuration, the user will either be automatically redirected to this URL, or the URL will be displayed in a message.
  • Grace period: If the currently logged-in account’s password expires in fewer days than specified in the Grace Period, the currently logged-in user sees a message or is redirected to a different page based on the Web Part configuration.
  • Automatically redirect users to the above URL: If selected and the user’s password expires within the Grace Period, the user will be automatically redirected to the URL listed in the Redirect Page URL setting. For more details, see Redirect Users to Change Their Password.
  • Display message in the Web Part: If selected and the user’s password expires within the Grace Period, a message defined in the rich text box is displayed. You can modify the message to meet your specific needs.

For more details, see Display a Message on a SharePoint Page.

Configure Settings for Active Directory

Configure Settings for Active Directory

Overview of Password Expiration settings

ADdomainAcct.jpg This section defines the account that accesses the user objects in the domain to determine their password status. The following settings can be specified:

  • Domain Name: Enter the domain name where the specific account resides.

  • Account Name: Enter an account name that will read the user’s current password. If the Password Setting Object (PSO) policy is enabled, this account must be a domain administrator, otherwise, enter an account for the domain administrator with read-only access rights to the Active Directory user information.

  • Password: Enter the password for the Active Directory account.

  • Fully Qualified Domain Name: Enter Fully Qualified Domain Name where the account resides.

Configure SharePoint Settings

Configure SharePoint Settings

Overview of Password Expiration settings

GroupExclude.jpgYou can optionally select which SharePoint Groups to be excluded from the Password Expiration rules. The members of the excluded groups will never see the expiration notice for their passwords.

NOTE: Only users with Full Control site permission can modify this setting.

All SharePoint Groups deployed to the site are listed.

Configuration Overview for Password Expiration

Configuration Overview for Password Expiration

There are two components included in the Password Expiration product:

ConfigUI.jpgPassword Expiration: This web part is configured to read Active Directory (AD) user information (using an AD account that has read permissions) to determine the password expiration date for the logged in user. Administrators can then configure Password Expiration to display password expiration reminder text in the web part beginning on the first day of the grace period, as well as a link to another web page or site that enables the users to change their password. Alternatively, users can be forced directly to the page or site to change their password when arriving on a page that contains Password Expiration. Users will not be able to access that page until they have changed their password. Administrators can also designate SharePoint groups to be excluded from being automatically redirected, such as site administrators.

NOTE: The page or site that allows users to change their password is not provided in this product. You can offer a method for your users to change their password on their own by providing Bamboo’s Password Change product or you can redirect them to a page or site of your choice with an alternative method selected for changing their passwords.

  • The Notification Add-On: This component contains an XML file for configuring an e-mail message (with subject, from, and message fields) to users in a specific organizational unit (and its sub-units) or all organizational units depending on your needs. The SMTP server name as well as a fully qualified domain name for accessing the organizational units must also be specified in the XML file. Users can also configure a grace period for sending e-mails earlier than the configured grace period for the web part features.

NOTE: You can use Password Expiration with or without the Notification Add-On. If you only need to automatically redirect users to a site to change their password or notify them through the web part user interface that their password will expire soon, then only the web part configuration is necessary.

The Notification Add-On provides the e-mail notification template and allows you to specify organizational units. In addition, it has its own grace period so that you have the option of sending e-mails before Password Expiration begins automatically redirecting users to change their password or displaying password expiration text in the web part (depending on the options you choose when configuring). Once the XML file is configured, you can use the Windows Task Scheduler to schedule the frequency with which you want to notify users that their password is changing within the grace period specified in the XML file.

NOTE: When Password Expiration is installed, the web part is added to the Web Part Gallery.

Follow the steps listed in Configuring the_Password_Expiration_Web_Part Password Expiration to complete the steps in the configuration process.

See also: Set Up Password Expiration Reminder E-mail Notifications.

Complementary Products for Password Expiration

Complementary Products for Password Expiration

sharepointsolutions.pngYou will find many of our products complement each other quite nicely saving you the time and trouble to write custom code. With Bamboo at the heart of your SharePoint investment, you gain access to a huge catalog of enhancements, components, and accessories that add the critical functionality your business requires.

The same components can be easily used in future applications and they all come from a single, trusted vendor, ensuring an easy purchase process and support you can count on. That’s the Bamboo Way!


With Password Change, you can provide your internal and external SharePoint users the power to change their SharePoint account passwords through SharePoint. No need to build a separate Web application to complete a simple, but essential security task.

PWchange

With Password Reset, you can provide users the ability to submit their own password reset requests through SharePoint, no longer requiring IT administration assistance. With two types of ID verification available, users can reset their password by email confirmation or by answering predefined security questions (Active
Directory accounts only).
PWreset
Password Change
Password Reset

Overview of Password Expiration settings

Overview of Password Expiration settings

Overview of Password Expiration settings

To modify the web part properties, select Edit (or Modify) Web Part from the drop-down menu of the Password Expiration configuration tool pane.

NOTE: This menu is only accessible for users with proper access rights (typically those who have Design permissions or above).

PasswordExpReminder.jpgThe Bamboo Password Expiration Reminder tool pane is displayed on the right side of the screen. Expand each section by clicking the plus sign next to the SharePoint Settings to configure the properties.

Each section has a separate description page so you can focus on a section that is pertinent to your organization.

  1. Configure Settings for Active Directory
  2. Configure SharePoint Settings
  3. Configure Password Expiration Rules
  4. Localize the Password Change Web Part