Question

  • Creator
    Topic
  • #2146004

    Mobile users and password expiration

    Locked

    by it_girl_47 ·

    I have mobile users that connect to the network via VPN (cisco asa 5505) The problem is that when the users password is going to expire they are not alerted about the expiration, they just can’t login one day. How can I set this up so that they are prompted of the password expiration? Can this be done via group policy, script, etc? We are running all XP pro machines, server 2003 servers and lotus notes for email. Thank you

All Answers

  • Author
    Replies
    • #2562652

      Clarifications

      by it_girl_47 ·

      In reply to Mobile users and password expiration

      Clarifications

    • #2562593

      Will this help you?

      by Anonymous ·

      In reply to Mobile users and password expiration

      http://technet.microsoft.com/en-us/magazine/cc162348.aspx

      Please post back if you have any more problems or questions.

      • #2563779

        Not exactly…

        by it_girl_47 ·

        In reply to Will this help you?

        I am referring to my mobile users and their laptops. My users do not use smart phones in the field.

        • #2563639

          Sort of a work around

          by ic-it ·

          In reply to Not exactly…

          Setup their laptops with a scheduled task that opens a bat file with a reminder to connect and change the domain user password.
          Schedule it to repeat 2 days prior to the frequency of the domain policy. One day prior a second message with a please ignore if you have already done so.

        • #2564268

          Might work but…

          by it_girl_47 ·

          In reply to Sort of a work around

          Can you push this scheduled task to the PC’s via group policy? I have some users who I don’t see until the company christmas party at the end of the year. So manually setting up a scheduled task might be a challenge.

        • #2564249

          Run it as a logon script

          by ic-it ·

          In reply to Might work but…

          or even as a startup.
          To get more information on scheduling a task type schtasks /? at a cmd prompt.
          then type schtasks /create /?

        • #2451439

          Question

          by it_girl_47 ·

          In reply to Run it as a logon script

          Do you know how I would setup an automatically generated email sent from Domino 7 to notify the users of their password expiration? I know it would need to authenticate via SMTP but not sure where to add it in a script. Below is the script I am working with.

          Const SEC_IN_DAY = 86400
          Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
          Const ADS_SCOPE_SUBTREE = 2

          Set objConnection = CreateObject(“ADODB.Connection”)
          Set objCommand = CreateObject(“ADODB.Command”)
          objConnection.Provider = “ADsDSOObject”
          objConnection.Open “Active Directory Provider”

          Set objCOmmand.ActiveConnection = objConnection
          objCommand.CommandText = _
          “Select Name, distinguishedName from ‘LDAP://DC=MYDomain’ Where objectClass=’user’ AND objectClass <> ‘computer'”
          objCommand.Properties(“Page Size”) = 1000
          objCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE
          Set objRecordSet = objCommand.Execute
          objRecordSet.MoveFirst

          Do Until objRecordSet.EOF

          If (InStr(objRecordSet.Fields(“Name”).Value, “SystemMailbox”) = 1) Then
          objRecordSet.MoveNext

          Else

          ldapStr = “LDAP://” & objRecordSet.Fields(“distinguishedName”).Value
          Set objUserLDAP = GetObject(ldapStr)

          intCurrentValue = objUserLDAP.Get(“userAccountControl”)
          Wscript.Echo “Name: ” & objRecordSet.Fields(“Name”).Value

          If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
          Wscript.Echo “The password does not expire.”
          Else
          dtmValue = objUserLDAP.PasswordLastChanged

          Set objDomainNT = GetObject(“WinNT://IL.MOC.LOCAL”)
          intMaxPwdAge = objDomainNT.Get(“MaxPasswordAge”)
          If intMaxPwdAge < 0 Then WScript.Echo "The password does not expire." Else intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY) Wscript.Echo "The maximum password age is " & intMaxPwdAge & " days" If intTimeInterval >= intMaxPwdAge Then
          Wscript.Echo “The password has expired.”
          Else
          Wscript.Echo “The password will expire on ” & _
          DateValue(dtmValue + intMaxPwdAge)
          End If
          End If
          End If
          Wscript.Echo “=====================================================”

          objRecordSet.MoveNext

          End If
          Loop

        • #2572889

          Nevermind

          by it_girl_47 ·

          In reply to Question

          I am trying a different type of script. Nevermind this question.

Viewing 1 reply thread