Getting password expiration date from AD using UCS

All -

We are using UCS to pull our AD infrastructure into UCS to send LDAP information onto Google for integration and I am wondering if there is any way to get the expiration date of our AD passwords to come over as a field in LDAP. Basically, what we plan on doing is writing a script that runs against the password expiration field and if that date is within 14 days of expiry, notify the users via an e-mail message. We have more and more users using non-Windows systems and the normal AD notification of the password expiring won’t work for Mac and Linux users, so we want to utilize the UCS to help us with this.

Any suggestions/comments on where I can find this information? I appreciate any help I can get!!

Thank you,


Univention uses a component called the AD connector for syncing LDAP content with the AD. It comes with a configuration file (which is actually Python code) which contains the mapping between the two directories. You can find it in a sub-directory of /etc/univention/connector; the file itself is called

If you want to experiment with it I highly suggest you create a full backup of your UCS machine before starting. After modifying the file you’ll have to restart the AD connector service (something like “service univention-ad-connector restart”). In order to have existing entries be synced you’ll also have to resync the connector with the command “univention-directory-listener-ctrl resync ad-connector”.

in case anyone bumps in this, nowadays (UCS 4.4) the configuration mapping file is located at:

1 Like