ADFS Password Expiration Notification alert

%3CLINGO-SUB%20id%3D%22lingo-sub-213111%22%20slang%3D%22en-US%22%3EADFS%20Password%20Expiration%20Notification%20alert%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-213111%22%20slang%3D%22en-US%22%3E%3CP%3Eis%20there%20a%20way%20to%20have%20ATA%20notify%20when%20someone%20change%20and%20AD%20have%20an%20expiration%20date%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-213111%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdvanced%20Threat%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214065%22%20slang%3D%22en-US%22%3ERE%3A%20ADFS%20Password%20Expiration%20Notification%20alert%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214065%22%20slang%3D%22en-US%22%3EThat%20sounds%20more%20like%20something%20your%20SIEM%20or%20some%20other%20AD%20reporting%20tool%20would%20alert%20on.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-213568%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20ADFS%20Password%20Expiration%20Notification%20alert%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-213568%22%20slang%3D%22en-US%22%3E%3CP%3EExpiration%20Data%20attribute.%26nbsp%3B%20Seem%20like%20we%20have%20someone%20changing%20Expiration%20Date%20attribute%20on%20account%20and%20we%20are%20not%20aware%20of%20change%20until%20it%20was%20too%20late%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-213538%22%20slang%3D%22en-US%22%3ERE%3A%20ADFS%20Password%20Expiration%20Notification%20alert%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-213538%22%20slang%3D%22en-US%22%3EHey%20Charles--can%20you%20further%20specify%20your%20question%3F%20When%20you%20say%20%22when%20someone%20change%20and%20AD%20have%20an%20expiration%20date%22%2C%20what%20are%20you%20specifically%20asking%3F%20Is%20this%20referring%20to%20someone%20changing%20a%20password%3F%20Is%20this%20when%20the%20%22ExpirationDate%22%20attribute%20on%20the%20account%20is%20modified%20for%20a%20particular%20user%3F%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

is there a way to have ATA notify when someone change and AD have an expiration date?

 

 

3 Replies
Highlighted
Hey Charles--can you further specify your question? When you say "when someone change and AD have an expiration date", what are you specifically asking? Is this referring to someone changing a password? Is this when the "ExpirationDate" attribute on the account is modified for a particular user?
Highlighted

Expiration Data attribute.  Seem like we have someone changing Expiration Date attribute on account and we are not aware of change until it was too late?

 

 

Highlighted
That sounds more like something your SIEM or some other AD reporting tool would alert on.