Hi,

Sure - see
http://www.nuffield.ox.ac.uk/users/holmes/reportpasswordchange.zip

There are three files: the .vbs, which you will need to edit to suit your environment, a text file which is the text that will be included in the email sent to the user, and a .bat file which just calls the script - this batch file should be run as a scheduled task in the context of a user with read access to AD.

I have edited out much of the config for security reasons, you will need to have a look at the .vbs and change settings where appropriate - i.e. your domain, the password expiry no. of days etc. - it's all pretty straightforward.

You will need to create a secure password reset page, we use a .NET control to achieve this. Note the page will need to run in the context of a user with *write* access to AD.

There are other scripts out there that do this, just Google 'password expiry script' or similar.

Regards,

Mark

-----Original Message-----
From: Kosala Atapattu [mailto:[email protected]]
Sent: 21 July 2009 04:48
To: Mark Holmes
Cc: [email protected]; [email protected]
Subject: Re: Forcing Password Changes for Non-Interactive Logons

Care to share the script :).

Kosala

On Tue, Jul 21, 2009 at 1:55 AM, Mark Holmes<[email protected]> wrote:
> Hi,
>
> We have a similar issue at my place - not all users are joined to the
> domain, so don't do an interactive logon. I use a vb script which
> runs nightly and checks AD for users whose password is due to expire,
> it sends email reminders 14, 7, 3 and 2 days before expiry via email
> (pulls the user's address from AD). They then go to a secure page on
> our intranet to change their password.
>
> Cheers,
>
> Mark
>
>
> On 20 Jul 2009, at 23:32, "[email protected]"
> <[email protected]> wrote:
>
>> I have googled and googled but cannot find the answer to this one,
>> hoping you can help.
>> We have ADS password policy enforced whereby the user has to change
>> their password every 60 days. If they have not changed their
>> password after this time their account is locked. Unfortunately the
>> users with non-interactive accounts do not get the notification to
>> change their password nor can they get to the change password
>> facility that the interactive logon users can use. Is there any way
>> to notify the users and have them carry out a password change?
>>
>

--
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and they
would not reflect views of the employer.
--------------------------------------------
blog.kosala.net
www.linux.lk/~kosala/
www.kosala.net
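The nightly check described in the thread, sketched as an added example; this is not Mark's VBScript and not taken from the linked zip. It assumes user records have already been read from AD with the standard `pwdLastSet`, `userAccountControl` and `mail` attributes, uses the 60-day policy and the 14/7/3/2-day schedule from the thread, and runs on constructed sample records.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002          # userAccountControl: account disabled
DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl: password never expires
MAX_PWD_AGE_DAYS = 60            # policy quoted in the thread
REMINDER_DAYS = {14, 7, 3, 2}    # reminder schedule quoted in the thread

def filetime_to_datetime(filetime):
    """AD stores pwdLastSet as 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def days_until_expiry(user, now):
    """Whole days until expiry, or None when no expiry date applies."""
    if user["userAccountControl"] & (ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD):
        return None
    if user["pwdLastSet"] == 0:   # "must change at next logon": nothing to count from
        return None
    expires = filetime_to_datetime(user["pwdLastSet"]) + timedelta(days=MAX_PWD_AGE_DAYS)
    return (expires.date() - now.date()).days

def reminders_due(users, now):
    """(mail, days_left) for every account that should be mailed tonight."""
    due = []
    for user in users:
        left = days_until_expiry(user, now)
        if left in REMINDER_DAYS and user.get("mail"):
            due.append((user["mail"], left))
    return due

def to_filetime(dt):
    """Helper used only to build the constructed sample records below."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def _sample(mail, age_days, uac=0x200):   # 0x200 = NORMAL_ACCOUNT
    return {"mail": mail, "userAccountControl": uac,
            "pwdLastSet": to_filetime(NOW - timedelta(days=age_days))}

NOW = datetime(2009, 7, 21, 2, 0, tzinfo=timezone.utc)
SAMPLE_USERS = [                                   # constructed records
    _sample("alice@example.test", 53),             # 7 days left: remind
    _sample("bob@example.test", 30),               # 30 days left: no mail yet
    _sample("carol@example.test", 58, 0x10200),    # never expires: skip
    _sample("frank@example.test", 57, 0x202),      # disabled: skip
    _sample(None, 46),                             # 14 days left, no address
    _sample("gina@example.test", 46),              # 14 days left: remind
    {"mail": "dave@example.test", "userAccountControl": 0x200, "pwdLastSet": 0},
]

if __name__ == "__main__":
    for mail, left in reminders_due(SAMPLE_USERS, NOW):
        print(f"{mail}: password expires in {left} days")
```

Accounts with no `mail` value are silently skipped here; a production job would log them, since those are the users who will be locked out without warning.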
