What is a one sentence summary of your feature request?
Feature Request - PPE - Apply Password Policy based on Active Directory Attribute
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
I would like to recommend using Active Directory Attributes (including extension attributes) in order to filter users to apply Fine Grained Password Policies in Netwrix PPE.
How do you currently solve the challenges you have by not having this feature?
We are currently using Security Groups or OUs, but it would be beneficial to use an extension attribute rather than Group or OU. Our use case is that we are going through a domain migration where the domain level password policies do not match in source and target domains. We would like to target an extension attribute to apply a more granular password policy to the users that are being migrated in order to match their Password Policies to the target domain.
There are other use cases outside of domain migrations, but this is our current scenario.
Hi Bill. Thanks for taking the time to post. Sorry you didn’t receive a reply sooner, but your post ended up in a different product section for some reason.
I can see how this would be a useful feature. Have you considered using a PowerShell script to populate some groups that you assigned to the PPE policies? It’s an extra step on your end, but it will be quicker to implement than waiting for us to add the feature. PPE does something similar for the extended maximum age feature, it maintains a group of users whose maximum age should be extended.
Thank you for your response. We are currently evaluating several alternative approaches, as we understand this feature request may take some time to be implemented, if Netwrix ultimately decides to add it. That said, we felt it was still worthwhile to submit, as similar use cases may arise in the future.
We also appreciate the suggestion to use PowerShell to populate the groups based on the attribute. Our main consideration with that approach is that it would require either manual execution or scheduled runs at various points throughout our migration process. While that is not a significant issue, it is another factor for us to consider. We will certainly include it among our potential solutions.
Yes, please do continue to submit requests to us so that we know what customers need. We may not get changes out quickly, but we are listening and looking for ways to make PPE better for you.