Configure AD FS to Send Password Expiry Claims

Applies To: Windows Server 2016, Windows Server 2012 R2

You can configure Active Directory Federation Services (AD FS) to send password expiry claims to the relying party trusts (applications) that are protected by AD FS. How these claims are used depends on the application. For example, with Office 365 as your relying party, updates have been implemented in Exchange and Outlook to notify federated users of their soon-to-be-expired passwords.

To configure AD FS to send password expiry claims to a relying party trust, you must add the following claim rules to this relying party trust:

c1:[Type == "http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime"]
=> issue(store = "_PasswordExpiryStore", types = ("http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime", "http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays", "http://schemas.microsoft.com/ws/2012/01/passwordchangeurl"), query = "{0};", param = c1.Value);
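
One way to add the rule above from PowerShell on an AD FS server (an added example, not part of the original page; the trust name "Example Relying Party" and the rule name are placeholders). Because -IssuanceTransformRules replaces the trust's whole rule set, the script appends to the existing rules and makes no change if the rule is already present.

```powershell
# Added example. 'Example Relying Party' is a placeholder; use your own trust's name.
$rpName = 'Example Relying Party'

# The claim rule from this page. The single-quoted here-string keeps "{0};" and
# the URIs literal. The @RuleName label is an assumption chosen for this example.
$expiryRule = @'
@RuleName = "Issue Password Expiry Claims"
c1:[Type == "http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime"]
 => issue(store = "_PasswordExpiryStore", types = ("http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime", "http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays", "http://schemas.microsoft.com/ws/2012/01/passwordchangeurl"), query = "{0};", param = c1.Value);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) {
    throw "Relying party trust '$rpName' not found."
}

# Cast to [string] so a trust with no rules yields '' instead of $null.
$existing = [string]$rp.IssuanceTransformRules

if ($existing -match '_PasswordExpiryStore') {
    Write-Output "Password expiry rule already present on '$rpName'; no change made."
}
else {
    # Keep every rule already on the trust and append the new one at the end.
    $combined = ($existing.TrimEnd() + "`r`n`r`n" + $expiryRule).Trim()
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $combined

    # Read the rules back to confirm what the trust now issues.
    (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
}
```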

Note

Password expiry claims are only available for the username and password and Microsoft Passport for Work authentication types. If the user authenticates using Windows integrated authentication and Passport is not configured, the claims will not be available and users will not see password expiry notifications.

Note

There is a 14-day window, so the sent claims will only be populated if the password is expiring within 14 days.

See Also

AD FS Operations