Expired password Event ID in Windows Server 2012

Tags: active-directory, windows-event-log, windows-server-2012

Does any event ID get generated when a user account's password expires? I was hoping to write a script that triggers through an event.

I did look around but did not find anything related to password expiration, only to account expiration.

Best Answer

In short, no.

A password expiration isn't really an event that happens. It's a calculation that DCs perform at the moment of authentication based on the attributes on the account and password policies that apply to the account. An account whose password is currently expired might no longer be expired if you change the policies surrounding maximum password age or add a flag that it never expires.

So if you're trying to write a script that does something with accounts that have expired passwords, you're going to have to do it as a point-in-time sort of calculation as well. If your AD is 2008-based or later, you have access to the msDS-UserPasswordExpiryTimeComputed constructed attribute, which basically takes into consideration everything that would contribute to a password's expiration and gives you a timestamp of when that user's password will expire (or has expired).
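The point-in-time calculation described in the answer, written as an added example rather than code from the original post. It reads msDS-UserPasswordExpiryTimeComputed for every enabled user and classifies each account; it assumes the ActiveDirectory RSAT module is installed and that the caller can read user attributes in the domain (the function name and the default search base are my own choices).

```powershell
# Added example, not part of the original answer. Point-in-time report of enabled
# users whose computed password expiry has already passed, using the constructed
# attribute msDS-UserPasswordExpiryTimeComputed. Assumes the ActiveDirectory RSAT
# module is present and the caller can read user attributes in the domain.
Import-Module ActiveDirectory

function Get-PasswordExpiryState {
    param(
        # Assumption: search the whole domain unless an OU is given.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    $attr = 'msDS-UserPasswordExpiryTimeComputed'
    $now  = Get-Date

    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
               -Properties $attr, PasswordLastSet |
    ForEach-Object {
        $raw = $_.$attr
        # The DC returns a FILETIME (100 ns ticks since 1601-01-01). Two sentinels:
        #   0                  -> pwdLastSet is 0, user must change password at next logon
        #   0x7FFFFFFFFFFFFFFF -> password never expires (account flag or MaxPasswordAge of 0)
        if ($null -eq $raw -or $raw -eq 0) {
            $expiry = $null; $state = 'MustChangeAtNextLogon'
        } elseif ($raw -eq [long]::MaxValue) {
            $expiry = $null; $state = 'NeverExpires'
        } else {
            $expiry = [datetime]::FromFileTime($raw)
            $state  = if ($expiry -lt $now) { 'Expired' } else { 'Valid' }
        }

        [pscustomobject]@{
            SamAccountName  = $_.SamAccountName
            PasswordLastSet = $_.PasswordLastSet
            ExpiresOn       = $expiry
            State           = $state
        }
    }
}

# Run from a scheduled task rather than an event trigger, since no expiry event exists.
# Re-running recomputes the state, so accounts fixed by a policy change drop out.
Get-PasswordExpiryState | Where-Object State -eq 'Expired' |
    Sort-Object ExpiresOn | Format-Table SamAccountName, PasswordLastSet, ExpiresOn -AutoSize
```

The same function also reports 'NeverExpires' accounts, which are worth reviewing separately because the expiry calculation skips them entirely.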