RE: Active Directory password expiry notification via email??



One option you can use is to write a script or application that queries your
AD servers via ADSI or LDAP and use the pwdLastSet property on each user to
see when they last set their password. Using that, you can use the value for
each OU/policy to determine when their password will expire.

You can use Microsoft's ldp.exe tool (I think it's included in the Windows
2000/Windows Server 2003 Resource Kit downloads or elsewhere on Microsoft's
site) to get a detailed view of the LDAP properties.

HTH

-----Original Message-----
From: Stephane Favre [mailto:stephane@xxxxxxxxxxxxxxxxx]
Sent: Wednesday, July 12, 2006 10:46 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Active Directory password expiry notification via email??

Hi there

I was wondering whether there would be a way of letting users know via email
that their Active Directory password will be expiring in XX days. We have
quite
a few users that connect to our network only to collect email via PDA's and
other mobile devices. So they seldom, if ever, actually log onto a windows
PC.... it would be nice to inform these users that they need to contact the
helpdeks the next day to reset their password, ect.

We run a 2003 domain together with 2003 Exchange servers.

Any help / suggestions would be mostly appreciated.

Stephane
Woza 2010

_________
/\_/ \ /\
/ \/ \
--------------------

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

http://www.sensepost.com/training.html
---------------------------------------------------------------------------

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

http://www.sensepost.com/training.html
---------------------------------------------------------------------------



Relevant Pages

  • Active Directory password expiry notification via email??
    ... that their Active Directory password will be expiring in XX days. ... practice to master. ... SensePost willl be at Black Hat Vegas in July. ...
    (Security-Basics)
  • Re: Active Directory password expiry notification via email??
    ... that their Active Directory password will be expiring in XX days. ... Hacking, like any art, will take years of dedicated study and practice to master. ... SensePost willl be at Black Hat Vegas in July. ...
    (Security-Basics)
  • Re: User stays logged in to servers.
    ... I am from the application side there are certain pratices that I am not ... There are other reasons that would suggest it is not a good practice, ... Not being a domain admin myself, ... documentation that logging off servers is part of best pratices? ...
    (microsoft.public.windows.server.security)
  • Re: Step By Step Best Practises
    ... Best practice, and I'm speaking for real life experience (both SBS2000 and ... but different people do installations differently ... Trust the SBS install and config wizards that come with SBS2000/2003. ... servers - don't run ISA and Exchangew on the same box, ...
    (microsoft.public.windows.server.sbs)
  • Re: paging space size - contempoary best practice.
    ... With todays drive sizes 8GB is cheap and easy. ... Buy more memory for servers that consistently page. ... paging space size - contempoary best practice. ...
    (AIX-L)