• Find Password Expiration Date

Applies to: All versions of Centrify DirectControl Problem: Inconsistent AD user's password expiration date between hosts within the same zone Cause: DirectControl agent calculates password expiration date based on the value set for the parameter 'secedit.system.access.maximumpasswordage' in /etc/centrifydc/centrifydc.conf file. If machine group policies are enabled, this parameter gets its value from the 'Max password age' group policy set in Active Directory; otherwise the default value of 90 is used for calculation.

Find Password Expiration Date

Solution: Ensure the computer-based group policies are enabled by setting the configuration parameter in the file /etc/centrifydc/centrifydc.conf gp.disable.machine: false and make sure the configuration parameter 'secedit.system.access.maximumpasswordage' has same value across the hosts. If computer-based group policies need to be turned off, add the configuration parameter secedit.system.access.maximumpasswordage in the file /etc/centrifydc/centrifydc.conf and set it to same value on all the hosts within the same zone.