> For the complete documentation index, see [llms.txt](https://docs.rewst.help/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.rewst.help/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/crates/existing-crate-documentation/on-premises-active-directory-password-expiration-alerts-crate.md). # On-Premises Active Directory Password Expiration Alerts Crate {% hint style="info" %} If you’re new to Crates, read through our introductory Crate documentation [here](https://docs.rewst.help/prebuilt-automations/crates). Find the Crate in our Crate Marketplace. {% endhint %} ## What does the On-Premises Active Directory Password Expiration Alerts Crate do? Our On-Premises Active Directory Password Expiration Alerts Crate automates the process of monitoring password expiration for on-premises Active Directory users, ensuring that users are notified well in advance. By sending timely email alerts, it helps maintain security and minimizes disruptions by prompting users to update their passwords before they expire. This workflow is designed for on-premises Active Directory only. It does not monitor or interact with cloud-based directories like Entra ID. This Crate doesn't perform password resets; it only sends notifications. Users must update their passwords manually through the appropriate channels. The workflow does not provide real-time alerts. There may be a slight delay between when a password expiration is detected and when the notification is sent. ### How the Crate works * Automatically checks for user passwords expiring in 14, 7, 3, and 1 day, ensuring users are well-informed ahead of time * Sends email alerts to users, reminding them to change their passwords before the expiration date, reducing the risk of account lockout * Ensures that passwords are updated promptly, reducing the likelihood of unauthorized access due to expired passwords * Streamlines the password management process, lowering the frequency of IT support tickets related to password issues and freeing up resources for other critical tasks The workflow is initiated by a scheduled task that runs a PowerShell script at predefined intervals. If Rewst's [PowerShell interpreter](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/rewst-tools/powershell-interpreter.md) tool is installed, Crate workflows which have multiple-system dependencies will have increased efficiency with faster and more consistent cloud-native executions that are completed in seconds. ## Crate prerequisites One of the following RMM integrations must be set up before unpacking this Crate: * [ConnectWise Control](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/integrations/integration-guides/connectwise-control-screenconnect.md) * [Datto RMM](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/integrations/integration-guides/datto-rmm-integration-setup.md) * [ImmyBot](mailto:undefined) * [Kaseya VSA](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/integrations/integration-guides/kaseya-vsa-integration-setup.md) * [Kaseya VSA X](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/integrations/integration-guides/kaseya-vsa-x-integration-setup.md) * [N-able (NAble)](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/integrations/integration-guides/n-able-n-sight-integration.md) * [NinjaOne](https://app.gitbook.com/o/mdGoyUomPKsvu1TSazxc/s/AQQ1EHVcEsGKBPVHmiav/documentation/configuration/integrations/integration-guides/ninjaone-integration-setup) * [SuperOps](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/integrations/integration-guides/superops-integration.md) The following must be set up before unpacking this Crate: * [PowerShell](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/jinja/use-powershell-scripts-in-rewst.md) scripts * `password_expiry_crate_admin_email` [organization variable](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/configuration/organization-variables.md#what-is-an-organization-variable) ## Unpack the On-Premises Active Directory Password Expiration Alerts Crate 1. Navigate to **Crates** > **Crate Marketplace** in the left side menu Rewst platform. 2. Search for `On-Premises Active Directory Password Expiration Alerts`.​ ![](/files/qYc5TcCk6Ajps5lgB89N) 3. Click on the Crate tile to begin unpacking. 4. Click **Unpack Crate**. 5. Click **Continue**. 6. Enter **Time Saved** under **Crate Configuration**. 7. Ensure that **Enabled** is toggled on under **Configure Triggers**.\ Note that you have the option under the **Cron Job** accordion menu to activate the Crate for all future organizations in addition to the current one. You may also set [trigger criteria](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/automations/intro-to-triggers/trigger-criteria.md) or [integration overrides](/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/automations/intro-to-triggers.md). 8. Click **Unpack**. ### Test the Crate 1. Navigate to **Automations > Workflows** in the left side menu of your Rewst platform. 2. Search for `[REWST - TASK] Run Powershell via RMM`.
3. Click on the workflow to view it in the Workflow Builder. 4. Select either **Form Trigger** or **Password Change Form** from the trigger drop-down list. 5. Click **Test** in the top right corner of the Workflow Builder Canvas. 6. Set or fill out the following fields accordingly: * **Trigger Context Organization** - Select the applicable organization\ Choose an organization and user you use for testing, to allow you to log in and confirm that the desired results are achieved. * **Password** - Change the user's password * **PSA Ticket ID** - Update ticket with the details of this workflow run * **Username** - User context under which the PowerShell script will run * **IDP Configuration** - The accepted values are: * `on_prem` * `hybrid_no_sync` * `azure_ad` * `on_prem_only` If no value is provided. the value will be determined via organization variable logic. * **skip\_ticket** - Set to true if you do not want any ticketing done * **Unlock Account** - Unlocks account for locked out accounts * **User ID** - User ID if no username provided * **Force Password Reset** - Force the user to change their password when logging in, defaults to true 7. Click **Test**. 8. Allow the workflow to run. 9. You'll see a green success message at the top of your screen if the execution is successful. You'll see a red failure message if the execution fails. Click **View Results** for a more detailed breakdown of each. {% hint style="info" %} Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our [Canny feedback collector](https://rewst.canny.io/crates). {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.rewst.help/~/revisions/XPl7OpcVJrUAYPfsdid4/documentation/crates/existing-crate-documentation/on-premises-active-directory-password-expiration-alerts-crate.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.