Failed to get password expiration date (0x8000500d)

Discussion in 'Parallels Remote Application Server' started by PatrickD8, Sep 25, 2019.

  1. PatrickD8

    PatrickD8 Member

    Messages:
    41
    Hi Parallels Team,
    we have adjusted the permissions of various OUs in our Active Directory.
    After this change we get the following entries in the RAS logs: "Failed to get password expiration date for user "some_user" with error 0x8000500d"
    Is this error message questionable? Which user / group does RAS use to access AD user properties?
    I ask this question to adjust the OU permissions accordingly.

    Best regards
    Patrick
     
    PatrickD8, Sep 25, 2019
    #1
  2. Eugene. K.

    Eugene. K. Parallels Team

    Messages:
    124
    I'll check and let you know
     
    Eugene. K., Sep 27, 2019
    #2
  3. Alexey Kutuzov

    Alexey Kutuzov Parallels Team

    Messages:
    83
    Dear Patrick,
    Please, use "View effective access" in OU Properties -> Security tab for "Authenticated users" where "Read", "List contents" & "Read all properties" + some specific Reads (custom permissions) are usually enabled by default.
    If you removed "Authenticated users" you can add the above permissions to "Authenticated users" for a particular OU.
    If you need more restrictions you can create an AD domain local group and add the PAs computer accounts to it and then delegate "Read all user information" permission to this group at OU level which will be applied for all descendant user objects. We never tested this but it should work.
     
    Alexey Kutuzov, Sep 27, 2019
    #3
  4. PatrickD8

    PatrickD8 Member

    Messages:
    41
    Hi Alexey,
    I have created a new group for the PAs and assigned read permissions for the OUs.
    After a reboot of the Master PA, I did not receive the message anymore. Many thanks for your help !

    Best regards
    Patrick
     
    PatrickD8, Oct 3, 2019
    #4

Share This Page