ONTAP Discussions

How to get Current Password Age

AdaikkappanArumugam
3,761 Views

In 7Mode there is way to set the min and max password age for each user. After which they are forced to change it or they cant login.

But the question here is, how to know get  how long it has been since the age was set, or in how many days will the password needs to be changed ?

 

If this was set today, I know the PasswordMaximumAgeTS : 75.00:00:00 will expire in 75days and can start sending notifications 7 days earlier. So the question is, how to get that days left before the password expire using any of the following.

 

Powershell commdlet, CLI or SDK.

 

 

PS H:\> get-nauser test123 -GetCapabilities | Format-list


Name : test123
FullName :
Comment :
UseradminGroups : {Administrators}
AllowedCapabilities : {login-*, cli-*, api-*, security-*}
PasswordMaximumAgeTS : 75.00:00:00
PasswordMinimumAgeTS : 00:00:00
Rid : 131135
Status : enabled

 

Regards

Adai

2 REPLIES 2

ekashpureff
3,749 Views

 

Adai -

 

I'm so happy to see you on the community again !

I've missed you.

 

There's no API call or command I know of to pull a given user's password age.

But I did think of  a way it could be done.

You'd need the passwd age security settings.

The missing bit is when the user last changed the password.

Only place I know to find that would be from the logs.


I hope this response has been helpful to you, sir.

 

At your service,

 

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)

 

AdaikkappanArumugam
3,738 Views

Hi Eugene,

           I have mostly been active on the WFA communites lately. But, its nice to see you again.

I am sure this information is availabe in Ontap. Otherwise they wont be able to expire. Waiting so see if that information can be reterived programatically.

 

Or as you suggested, scraping the log is the last resort. But it would be ugly and resource intensive compared to pulling it via a cli or sdk.

 

Regards

Adai

Public