The “big problem”
Who doesn’t know complains about users who are not getting the notification in Windows that their password will expire or customers saying that it doesn’t work. Only because they don’t see it …
To be honest, I have no idea where the users are looking at when they sit in front of their computer, maybe you know?
However, we somehow need to solve this problem and what fits better than sending mail reminders?!
Maybe telling the users the purpose of a screen?
Things to take care of
“It’s so easy! You only need to check if the password is older than X days and send a mail to the user!”
For sure … but what about:
- FGPP (Fine Grained Password Policies)
- Accounts with PasswordNeverExpires set
- Users who didn’t change their password until now (because they never logged on, for whatever reason)
- Accounts without a mailbox
- Accounts which aren’t “standard accounts”, like accounts for functional mailboxes, scheduled tasks, …
These are just the first few things which came into my mind and we all know there are more depending on the customers needs and the setup.
So, I made a script for it.
The script takes care of FGPP, PasswordNeverExpires, no pwdLastSet set.
It sends a reminder mail X days (configurable) before the password expires to the user and to the user given in the managedBy attribute (if set).
Of course a valid address in the mail attribute has to be set.
You can configure some stuff in the configuration XML and change the text of the mail sent in the template file.
You can create different configurations and call the script with -Xml <Path\To\Config.xml> to point it to the needed one.
Was this helpful?
0 / 0