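We have a lot of Azure B2C tenants, about 30. We have noticed, and customers are now complaining, that passwords "seem" to be expiring. However, no password expiration notification is sent. (Other than the B2C error message for an expired password, "Invalid username or password", which is not very helpful information.)
These are local accounts that use an email address to sign in. Are there any clues as to why no notification (email) is sent before the password expires?
Also note that apparently B2C does not have a password expiration policy:
This is the data returned from B2CGraphClient: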
{
"odata.type": "Microsoft.DirectoryServices.User",
"objectType": "User",
"objectId": "<redacted objectid>",
"deletionTimestamp": null,
"accountEnabled": true,
"ageGroup": null,
"assignedLicenses": [],
"assignedPlans": [],
"city": null,
"companyName": null,
"consentProvidedForMinor": null,
"country": null,
"createdDateTime": "2018-03-08T00:46:29Z",
"creationType": "LocalAccount",
"department": null,
"dirSyncEnabled": null,
"displayName": "Super Admin",
"employeeId": null,
"facsimileTelephoneNumber": null,
"givenName": null,
"immutableId": null,
"isCompromised": null,
"jobTitle": null,
"lastDirSyncTime": null,
"legalAgeGroupClassification": null,
"mail": null,
"mailNickname": "<redacted other id>",
"mobile": null,
"onPremisesDistinguishedName": null,
"onPremisesSecurityIdentifier": null,
"otherMails": [],
"passwordPolicies": null,
"passwordProfile": null,
"physicalDeliveryOfficeName": null,
"postalCode": null,
"preferredLanguage": null,
"provisionedPlans": [],
"provisioningErrors": [],
"proxyAddresses": [],
"refreshTokensValidFromDateTime": "2018-06-11T16:53:48Z",
"showInAddressList": null,
"signInNames": [
{
"type": "emailAddress",
"value": "<redacted email address>"
}
],
"sipProxyAddress": null,
"state": null,
"streetAddress": null,
"surname": null,
"telephoneNumber": null,
"thumbnailPhoto@odata.mediaEditLink": "directoryObjects/<redacted objectid>/Microsoft.DirectoryServices.User/thumbnailPhoto",
"usageLocation": null,
"userIdentities": [],
"userPrincipalName": "<redacted other id>@<redacted tenant>.onmicrosoft.com",
"userState": null,
"userStateChangedOn": null,
"userType": "Guest"
}
Here is the data from Get-MSOLUser:
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AlternateEmailAddresses : {}
AlternateMobilePhones : {}
AlternativeSecurityIds : {}
BlockCredential : False
City :
CloudExchangeRecipientDisplayType :
Country :
Department :
DirSyncProvisioningErrors : {}
DisplayName : Super Admin
Errors :
Fax :
FirstName :
ImmutableId :
IndirectLicenseErrors : {}
IsBlackberryUser : False
IsLicensed : False
LastDirSyncTime :
LastName :
LastPasswordChangeTimestamp : 6/11/2018 4:53:48 PM
LicenseReconciliationNeeded : False
Licenses : {}
LiveId : <redacted id>
MSExchRecipientTypeDetails :
MobilePhone :
ObjectId : <redacted objectid>
Office :
OverallProvisioningStatus : None
PasswordNeverExpires :
PasswordResetNotRequiredDuringActivate :
PhoneNumber :
PortalSettings :
PostalCode :
PreferredDataLocation :
PreferredLanguage :
ProxyAddresses : {}
ReleaseTrack :
ServiceInformation : {}
SignInName : <redacted other id>@<tenant>.onmicrosoft.com
SoftDeletionTimestamp :
State :
StreetAddress :
StrongAuthenticationMethods : {}
StrongAuthenticationPhoneAppDetails : {}
StrongAuthenticationProofupTime :
StrongAuthenticationRequirements : {}
StrongAuthenticationUserDetails : Microsoft.Online.Administration.StrongAuthenticationUserDetails
StrongPasswordRequired :
StsRefreshTokensValidFrom : 6/11/2018 4:53:48 PM
Title :
UsageLocation :
UserLandingPageIdentifierForO365Shell :
UserPrincipalName : <redacted other id>@<tenant>.onmicrosoft.com
UserThemeIdentifierForO365Shell :
UserType : Guest
ValidationStatus : Healthy
WhenCreated : 3/8/2018 12:46:29 AM
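I believe the passwords are expiring because the local accounts were created without the passwordPolicies property being set to DisablePasswordExpiration.
As a result, passwords expire after 90 days and, unfortunately, the affected end users are not notified.
If a local account is created using a built-in policy, then this policy sets this property to DisablePasswordExpiration.
If a local account is created using a custom policy or the Azure AD Graph API, then you must set this property to DisablePasswordExpiration.
For the Azure AD Graph API, see the "Create consumer user accounts" section of the "Azure AD B2C: Use the Azure AD Graph API" article for an example of this.
To fix this issue, you might have to:
DisablePasswordExpiration.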
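The following is an added example, not part of the original question or answer. It audits an export of Graph user objects shaped like the one in the question and lists local accounts whose passwordPolicies lacks DisablePasswordExpiration, with a projected expiry date. It assumes the 90-day window stated in the answer and that refreshTokensValidFromDateTime tracks the last password change (the two timestamps coincide in the question's data); the sample users and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

EXPIRY_DAYS = 90  # expiry window stated in the answer above

# Constructed sample, shaped like the Graph user object in the question.
SAMPLE_USERS = json.loads("""
[
  {"objectId": "00000000-0000-0000-0000-000000000001",
   "creationType": "LocalAccount", "passwordPolicies": null,
   "refreshTokensValidFromDateTime": "2018-06-11T16:53:48Z"},
  {"objectId": "00000000-0000-0000-0000-000000000002",
   "creationType": "LocalAccount",
   "passwordPolicies": "DisablePasswordExpiration, DisableStrongPassword",
   "refreshTokensValidFromDateTime": "2018-03-08T00:46:29Z"},
  {"objectId": "00000000-0000-0000-0000-000000000003",
   "creationType": null, "passwordPolicies": null,
   "refreshTokensValidFromDateTime": "2018-05-01T00:00:00Z"}
]
""")


def expiration_disabled(user):
    """True if passwordPolicies contains DisablePasswordExpiration."""
    policies = user.get("passwordPolicies") or ""
    return "DisablePasswordExpiration" in [p.strip() for p in policies.split(",")]


def audit(users, now):
    """Return (objectId, expiry, days_left) for local accounts that can expire."""
    findings = []
    for user in users:
        if user.get("creationType") != "LocalAccount" or expiration_disabled(user):
            continue
        # Assumption: this timestamp is used as the last password change time.
        changed = datetime.strptime(
            user["refreshTokensValidFromDateTime"], "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
        expiry = changed + timedelta(days=EXPIRY_DAYS)
        findings.append((user["objectId"], expiry, (expiry - now).days))
    return sorted(findings, key=lambda f: f[1])  # soonest expiry first


if __name__ == "__main__":
    now = datetime(2018, 9, 1, tzinfo=timezone.utc)  # constructed "today"
    for object_id, expiry, days_left in audit(SAMPLE_USERS, now):
        print(f"{object_id} expires {expiry:%Y-%m-%d} ({days_left} days left)")
```

Accounts reported here are the ones that would need passwordPolicies updated, or a notification sent by your own process, before the projected date.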