Overview#PasswordExpirationTime has an OID of 2.16.840.1.1137184.108.40.206.1.68 and is the value when Password Expiration occurs. (Not considering Grace Logins)
The value is set on a user whenever a Password Modify Operation happens or whenever a Edirectory Password Policy is set for "Number of days before password expires" which will set the PasswordExpirationTime value on the user.
PasswordExpirationTime can be set to an "earlier" time than the calculated setting form the Edirectory Password Policy and the value will be honored. PasswordExpirationTime can NOT be se to a later value.
PasswordExpirationTime is calculated#PasswordExpirationTime is calculated by adding the passwordExpirationInterval to the pwdChangedTime.
PasswordExpirationTime is calculated when there is a Password Modify Operation and and it is recalculated during login if the passwordExpirationInterval has been changed to a shorter amount of time or if the Edirectory Password Policy has been changed.
Password Reset and PasswordExpirationTime#Edirectory Administrative Password Changes may affect the values for PasswordExpirationTime. AttributeTypes is defined as:
- OID of 2.16.840.1.1137220.127.116.11.1.68
- NAME: PasswordExpirationTime
- OBSOLETE flag (only if present)
- (only if present)
- SYNTAX: 18.104.22.168.4.1.1422.214.171.124.24 GeneralizedTime
- NO-USER-MODIFICATION (only if present)
- USAGE: UserApplications
- Extended Flags:
- Used as MUST in:
- Used as MAY in:
More Information#There might be more information for this subject on one of the following:
- EDirectory Password Expiration
- Edirectory Administrative Password Changes
- Grace Logins
- Password Expiration
- Password Expired
- Password Life Time