[VMC on AWS] VMC SDDC vCenter Server shows inaccurate password expiry banner notification for Active Directory users
search cancel

[VMC on AWS] VMC SDDC vCenter Server shows inaccurate password expiry banner notification for Active Directory users

book

Article ID: 329603

calendar_today

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

Symptoms:
  • Inaccurate password expiry banner notification is displayed for Active Directory users in the vCenter HTML5 Client 


Cause

This can occur if Password Settings Object (PSO) is applied, in this case the password lifetime is fetched from the attribute PasswordSettingsAttributeMaximumPwdAge otherwise its fetched from DomainAttributeMaxPwdAge.

Also :
  • vCenter is using the default GPO to determine the Password expiration to display the notification instead. AD password expiry notification uses incorrect date for calculation.
  • Microsoft Dynamic Access Control is used to set individual password expiration. 

Resolution

This is a known issue affecting VMware Cloud on AWS and currently there is no resolution.

Workaround:
Please use Native Active Directory password expiration policy's for user account notifications.