Windows Authentication password expiry

Celero Solutions asked on January 29, 2015 15:32

Hello, we have built a Kentico 7 website that users in our Active Directory access the site using their Windows account. While at work, they can access the site without logging in. Outside of the office, they are presented with a login where they enter the same windows credentials. When their password is about to expire, they are notified through their desktop.

We also have users that were not in our active directory, where we setup accounts for them. These users have to log in regardless of where they are, office or outside of their office. However, they are not notified that their password requires changing (as the "Windows Security" login box where they enter their credentials just asks for their user name and password). After 60 days they can no longer get into the site and don't know why.

Is there any way that we can setup in Kentico a warning when their password expires? From what I understand, we've imported into Kentico all of the Active Domain accounts but the passwords, expiry are not handled through Kentico... it doesn't "talk back" to Active Directory.

At the very least, is there a way to setup an "auto" email in Kentico when a user account expires? I was reading about password expiration on this page - - but I believe that this refers to the settings in Kentico and I don't know if they were set to the same as the Active Directory when imported.

Any ideas on what my options are?

Recent Answers

Roman Hutnyk answered on January 29, 2015 20:49

Celero, where did you setup account for those users, those were not in your Active Directory? In Kentico database or in the Active Directory? In case those accounts are in Kentico database (this requires mixed authentication mode - Forms + AD), you can configure this in Kentico settings in Sequrity & Membership -> Passwords -> Passwords expiration. If you created those accounts in Active Directory - I don't think there is an option to update password through Kentico, they should do that through their desktop. You might need to configure your application to use Windows + Forms authentication mode, so you'll be able to manage corporate accounts in Active Directory and non-corporate in Kentico.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.