Skip Navigation

Configure the password expiration warning message

Active Directory
users and user groups that use the PSO (Password Settings Object) method to set the maximum password age, you can configure
to allow users'
BlackBerry Work
apps to display a warning message when their
Active Directory
password is about to expire.
In the
BlackBerry UEM
management console, Email notifications for
BlackBerry Work
must be configured using the Credential authentication type to display the Password expiry tab.
For information on displaying a warning message for users that use the GPO (Global Policy Object) method to set the maximum password age, see the
BlackBerry Work
administration content
  • Make sure that you have the following information:
    • Logon credentials for the service account that is used to authenticate to the domain controller.
    • LDAP server name and port number. The LDAP server name must be one of the Domain Controllers.
  • Verify that a
    BlackBerry Connectivity Node
    is installed and configured in your environment. For more information, see Steps to install and activate the BlackBerry Connectivity Node.
  • Verify that administrators use the PSO method to set the maximum password age for the users.
  • Verify that users in your environment are running
    BlackBerry Work
    3.8 or later.
  1. In the management console, click
    Settings > BlackBerry Dynamics > Email notifications
  2. Click the
    Password expiry
  3. Click The Edit icon.
  4. Select the
    Enable password expiry
    checkbox to allow
    to query
    Active Directory
    for password expiry details for the users.
  5. In the
    LDAP server name
    field, type the name of the LDAP Server (for example, ldap.<
  6. In the
    LDAP port
    field, type the port number of the LDAP computer. The default port is 389.
  7. Enter the LDAP logon account and password. You can enter the logon account in the format
    or User Principal Name (UPN)
  8. In the
    Base DN (Domain controller)
    field, enter the base DN for the LDAP search. If this entry is not set,
    tries to find the base DN in the namingContexts attribute.
  9. Optionally, select the
    Enable SSL LDAP
    checkbox to tunnel data through an SSL-encrypted connection. If you enable SSL LDAP, type the port number to the LDAP computer that you used in step 6. The default port for is 636. This step requires you to import the LDAP certificate into the
    keystore. For instructions, see Create a trusted connection between BEMS Cloud and Microsoft Exchange Server.
  10. Click
    to test the connection to the LDAP server.
  11. Click