AD Attributes

Active Directory Attributes » Active Directory password attribute: ms-DS-User-Password-Expired

Active Directory password attribute: ms-DS-User-Password-Expired

This attribute indicates whether the password for a user account has expired or not.

CN ms-DS-User-Password-Expired
Ldap-Display-Name msDS-UserPasswordExpired
Attribute-Id 1.2.840.113556.1.4.1858
System-Id-Guid 565c7ab5-e13e-47f6-abb5-de741806f125

For more details about this attribute, refer to this Microsoft document.

Expired passwords can cause a lot of issues for end users. If users are not connected to the domain network when their password expires, they will not be able to log in to their machines or access any application such as OWA, VPN, etc., that depend on Active Directory for authentication. Notifying users about their password expiration regularly can help them be proactive and change their passwords before it becomes an issue.

ADSelfService Plus, an integrated Active Directory self-service password management and single sign-on solution, helps notify users about their password expiration well in advance and let them change their domain passwords securely through a web-based portal.

How ADSelfService Plus can solve password expiration-related issues

  1. Password expiration status reports: Easily identify users whose passwords will expire soon and users whose passwords have already expired with built-in reports.
  2. Timely alerts for password expiration: Automate password change reminders with alerts sent to users via email, SMS, or push notifications so they can change their passwords before they expire.
  3. Phased and imperative reminders: Configure multiple notifications to be sent at regular intervals so that reminders don't go unnoticed.
  4. Selective reminders: You can choose to whom to remind. For example, you can opt to set up reminders only for an OU full of remote users and leave out the rest.

Simplify password management with ADSelfService Plus.

Get Your Free Trial

Self-service password management and single sign-on solution

ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.