Force Password Reset 90 Days After Last Change - Support and Troubleshooting

Force Password Reset 90 Days After Last Change Summary This KB provides a simple custom solution to force a user to change the password 90 days after the last change.

Please note the customization described here was developed for demonstration purpose only, and is provided as is.

Please test thoroughly before implementation, and make necessary changes / add additional features as required in your environment.

Instructions 1>

On sys_user table, create a new field: u_password_last_change, type: Date/Time

2>

Create a new BR on sys_user table:

when: before, tick update, condition: when Password Changes

In Advanced Tab, put in script below:

(function executeRule(current, previous /*null when async*/) {

gs.info('Password Changed: for '+ current.name + ', by '+gs.getUserID()); current.u_password_last_change = new GlideDateTime();

})(current, previous);

3>

Create a scheduled job (open table sysauto_script, create a new record)

Run this job daily, put in below script:

var gr = new GlideRecord('sys_user'); gr.query(); var i=0;

while(gr.next()) {

if(gr.u_password_last_change){

try{ var lastChangeNum = new GlideDateTime(gr.u_password_last_change).getDate().getNumericValue(); var todaysNum = new GlideDateTime().getDate().getNumericValue(); var passwordAge = todaysNum - lastChangeNum;

//the number is milliseconds. 90days = 7776000000, 30days = 2592000000, if (passwordAge >= 7776000000 ) { gr.password_needs_reset = true; gr.update(); } i++; } catch(err){} gs.info('Number of users marked to change password on logon: '+i); } }