Q: What are the various Active Directory account conditions to program for when it comes to authenticating through an FBA listener on ISA or TMG?
A: There are seven that we've come up with:
- The account is active and valid.
- The account’s password is past the 90-day max password age and the password is expired (but the account is still active).
- The account’s password will expire in <15 days (test by changing remind users from 15 to 120).
- The account is disabled (test by simply disabling the AD account).
- The account is expired (test by moving the AD account expire date into the past).
- The account is set to “user must change password at next logon” (test by simply checking that box).
- The account is active and valid and the user checks the box to change their password.
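
An added example (not from the original post): a Python sketch that maps the Active Directory attributes `userAccountControl`, `pwdLastSet` and `accountExpires` onto the seven conditions, so each test account's state can be confirmed before it is tried against the listener. The function names, the order of the checks and the sample accounts are assumptions of this example; the 90-day and 15-day values come from the list.

```python
from datetime import datetime, timedelta, timezone
UAC_ACCOUNTDISABLE = 0x0002          # userAccountControl flag
UAC_DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl flag
NEVER = (0, 0x7FFFFFFFFFFFFFFF)      # accountExpires values meaning "never"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_PWD_AGE = timedelta(days=90)     # max password age from the list
WARN_WINDOW = timedelta(days=15)     # reminder window from the list

def from_filetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def to_filetime(dt):
    """datetime -> FILETIME, whole-second precision."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def classify(uac, pwd_last_set, account_expires, now, wants_change=False):
    """Map AD attributes plus the form's change-password box to a condition."""
    if uac & UAC_ACCOUNTDISABLE:     # check order is an assumption of this example
        return "disabled"
    if account_expires not in NEVER and from_filetime(account_expires) <= now:
        return "account_expired"
    if pwd_last_set == 0:            # "user must change password at next logon"
        return "must_change_at_next_logon"
    if not uac & UAC_DONT_EXPIRE_PASSWORD:
        expires_at = from_filetime(pwd_last_set) + MAX_PWD_AGE
        if expires_at <= now:
            return "password_expired"
        if expires_at - now < WARN_WINDOW:
            return "password_expiring_soon"
    return "valid_user_requests_change" if wants_change else "valid"

def sample_results(now):
    """Classify constructed test accounts, one per listed condition."""
    days_ago = lambda n: to_filetime(now - timedelta(days=n))
    accounts = {                     # name: (uac, pwdLastSet, accountExpires, box)
        "valid":     (0x200, days_ago(10), 0, False),
        "pwd_old":   (0x200, days_ago(100), 0, False),
        "pwd_soon":  (0x200, days_ago(80), 0, False),
        "disabled":  (0x202, days_ago(10), 0, False),
        "acct_exp":  (0x200, days_ago(10), days_ago(1), False),
        "must_chg":  (0x200, 0, 0, False),
        "chg_box":   (0x200, days_ago(10), 0, True),
    }
    return {n: classify(u, p, e, now, b) for n, (u, p, e, b) in accounts.items()}

if __name__ == "__main__":
    for name, state in sample_results(datetime.now(timezone.utc)).items():
        print(f"{name:9} {state}")
```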