Failed to get password expiration date (0x8000500d)

Discussion in 'Parallels Remote Application Server' started by PatrickD8, Sep 25, 2019.

  1. PatrickD8

    PatrickD8 Bit Poster

    Messages:
    17
    Hi Parallels Team,
    we have adjusted the permissions of various OUs in our Active Directory.
    After this change we get the following entries in the RAS logs: "Failed to get password expiration date for user "some_user" with error 0x8000500d"
    Is this error message questionable? Which user / group does RAS use to access AD user properties?
    I ask this question to adjust the OU permissions accordingly.

    Best regards
    Patrick
     
  2. Eugene. K.

    Eugene. K. Parallels Team

    Messages:
    49
    I'll check and let you know
     
  3. Alexey Kutuzov

    Alexey Kutuzov Parallels Team

    Messages:
    39
    Dear Patrick,
    Please, use "View effective access" in OU Properties -> Security tab for "Authenticated users" where "Read", "List contents" & "Read all properties" + some specific Reads (custom permissions) are usually enabled by default.
    If you removed "Authenticated users" you can add the above permissions to "Authenticated users" for a particular OU.
    If you need more restrictions you can create an AD domain local group and add the PAs computer accounts to it and then delegate "Read all user information" permission to this group at OU level which will be applied for all descendant user objects. We never tested this but it should work.
     
  4. PatrickD8

    PatrickD8 Bit Poster

    Messages:
    17
    Hi Alexey,
    I have created a new group for the PAs and assigned read permissions for the OUs.
    After a reboot of the Master PA, I did not receive the message anymore. Many thanks for your help !

    Best regards
    Patrick
     

Share This Page