How does a password expiration timer job detects which
users to send password expiration email to?
It doesn’t retrieve user information directly from LDAP, but get the current AD maxPasswordAge from AD root node through LDAP, then search the user by the user logon name among entire AD, then get user’s pwdLastSet. Finally calculate the user’s password remain period and expiration date according to the above two values.
(Expiration days = maxPasswordAge -(Today – pwdLastSet) )
Password Expiration functions in SharePoint Timer Job Service. Whether the user information from other domain can be retrieved or not depends on the relevant permission of the current account for SharePoint Timer Job Service. Under one-way trust environment, users(or services) that is not trusted by another domain cannot retrieve information from that specific AD information.
Applies for: SharePoint 2013, SharePoint 2010, SharePoint 2007