Mobile users and password expiration

By IT_Girl_47 ·
I have mobile users that connect to the network via VPN (cisco asa 5505) The problem is that when the users password is going to expire they are not alerted about the expiration, they just can't login one day. How can I set this up so that they are prompted of the password expiration? Can this be done via group policy, script, etc? We are running all XP pro machines, server 2003 servers and lotus notes for email. Thank you

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Will this help you?

Please post back if you have any more problems or questions.

Collapse -

Not exactly...

by IT_Girl_47 In reply to Will this help you?

I am referring to my mobile users and their laptops. My users do not use smart phones in the field.

Collapse -

Sort of a work around

by IC-IT In reply to Not exactly...

Setup their laptops with a scheduled task that opens a bat file with a reminder to connect and change the domain user password.
Schedule it to repeat 2 days prior to the frequency of the domain policy. One day prior a second message with a please ignore if you have already done so.

Collapse -

Might work but...

by IT_Girl_47 In reply to Sort of a work around

Can you push this scheduled task to the PC's via group policy? I have some users who I don't see until the company christmas party at the end of the year. So manually setting up a scheduled task might be a challenge.

Collapse -

Run it as a logon script

by IC-IT In reply to Might work but...

or even as a startup.
To get more information on scheduling a task type schtasks /? at a cmd prompt.
then type schtasks /create /?

Collapse -


by IT_Girl_47 In reply to Run it as a logon script

Do you know how I would setup an automatically generated email sent from Domino 7 to notify the users of their password expiration? I know it would need to authenticate via SMTP but not sure where to add it in a script. Below is the script I am working with.

Const SEC_IN_DAY = 86400

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, distinguishedName from 'LDAP://DC=MYDomain' Where objectClass='user' AND objectClass <> 'computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF

If (InStr(objRecordSet.Fields("Name").Value, "SystemMailbox") = 1) Then


ldapStr = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
Set objUserLDAP = GetObject(ldapStr)

intCurrentValue = objUserLDAP.Get("userAccountControl")
Wscript.Echo "Name: " & objRecordSet.Fields("Name").Value

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
Wscript.Echo "The password does not expire."
dtmValue = objUserLDAP.PasswordLastChanged

Set objDomainNT = GetObject("WinNT://IL.MOC.LOCAL")
intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
If intMaxPwdAge < 0 Then
WScript.Echo "The password does not expire."
intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
Wscript.Echo "The maximum password age is " & intMaxPwdAge & " days"
If intTimeInterval >= intMaxPwdAge Then
Wscript.Echo "The password has expired."
Wscript.Echo "The password will expire on " & _
DateValue(dtmValue + intMaxPwdAge)
End If
End If
End If
Wscript.Echo "====================================================="


End If

Collapse -


by IT_Girl_47 In reply to Question

I am trying a different type of script. Nevermind this question.

Related Discussions

Related Forums