Hello,
I know the question of managing user expiry dates has been raised before, however I could find nothing relevant to this in the other posts.
I'm attempting to create a policy that will populate a default account expiry date for new users. The first attempt was pretty straightforward:
function onGetEffectivePolicy($Request) { $LgInt = New-Object -ComObject AelitaEDM.EDMLargeInteger $LgInt.SetDate((Get-Date).AddDays(90) | Get-Date -Format G)) $Request.SetEffectivePolicyInfo('accountExpires', $Constants.EDS_EPI_UI_GENERATED_VALUE, $LgInt.GetString()) $Request.SefEffectivePolicyInfo('accountExpires', $Constants.EDS_EPI_UI_VALUE_REQUIRE, $True)
}
This works fine when using the MMC interface, but it doesn't lend itself well to editing the default date since it deals exclusively with the INTEGER8 value. If you attempt to edit it, you'll only be able to edit the coded integer value.
So the next attempt was to introduce a new virtual attribute that is defined to be of the Generalised Time syntax. I adjusted my script to work with this new virtual attribute, making this the attribute that gets populated by default and is mandatory. Then I would define some code in onPreCreate that would move the content of this virtual attribute into the actual native accountExpires attribute, but I receive an error stating that I am attempting to populate the accountExpires attribute with an invalid value. The code looks something like this:
function onGetEffectivePolicy($Request) { $Request.SetEffectivePolicyInfo('edsvaAccountExpires', $Constants.EDS_EPI_UI_GENERATED_VALUE, (Get-Date).AddDays(90) ) $Request.SetEffectivePolicyInfo('edsvaAccountExpires', $Constants.EDS_EPI_UI_VALUE_REQUIRE, $True)
}
function onPreCreate($Request) {
$LgInt = New-Object -ComObject AelitaEDM.EDMLargeInteger $LgInt.SetDate($Request.Get('edsvaAccountExpires')) $Request.Put('accountExpires', $LgInt.GetIADSLargeInteger()) $Request.PutEx($Constants.ADS_PROPERTY_CLEAR, 'edsvaAccountExpires', $null)
}
This, unfortunately, is what generates the "An invalid value has been specified for 'accountExpires' attribute" error message.
Moreover, this code works great in the MMC client - but the default value that I've specified does not populate when creating a user in the Web interface. The web site shows the attribute as an unpopulated calendar control. I can edit it, but it's not populated with the default value.
I've messed around with all of the various combinations of $LgInt formats (e.g., $LgInt.GetString(), etc), but to no effect.
Appreciate your thoughts!
Thanks,
Shawn.