My main domain has around 25K users, that is a SMB to Brian :-]
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, June 16, 2010 8:49 AM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Wed, Jun 16, 2010 at 11:32 AM
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, June 15, 2010 7:30 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 3:11 PM, Ben Scott wrote:
> ... from "No password expiration&quo
On Wed, Jun 16, 2010 at 11:32 AM, Free, Bob wrote:
> I respectfully disagree that one is as good as the other in this
> particular case but to each his own.
I think the LDAP query approach is far more flexible and powerful,
so it's good to be aware of the capability and have it available.
Thank
]
Sent: Tuesday, June 15, 2010 5:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob wrote:
> You don't need a tool, just do an LDAP query for pwdLastSet. I would use
> adfind as it will decode the timestamps
.com]
Sent: Tuesday, June 15, 2010 7:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob wrote:
> You don't need a tool, just do an LDAP query for pwdLastSet. I would
use
> adfind as it will decode the timest
y, June 15, 2010 7:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob wrote:
> You don't need a tool, just do an LDAP query for pwdLastSet. I would use
> adfind as it will decode the timestamps, dump to a cs
You can find AdFind, along with many other goodies here:
http://joeware.net/freetools/tools/adfind/index.htm
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, June 15, 2010 7:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob wrote:
> You don't need a tool, just do an LDAP query for pwdLastSet. I would use
> adfind as it will decode the timestamps, dump to a csv and massage in
> excel.
I don't seem to have an "ADFIND" command. Is that new in 2003/2008
or something?
> ADFI
---Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, June 15, 2010 4:30 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 3:11 PM, Ben Scott wrote:
> ... from "No password expiration" to &
On Tue, Jun 15, 2010 at 3:11 PM, Ben Scott wrote:
> ... from "No password expiration" to "X days" ...
> ... 8-year-expired password before ...
Thank you, everyone, for your informative and helpful responses!
I think what I'll do is configure the password complexity
requirements first, and th
Schedule the change for out of hours or during a quiet period), inform the
users, force all machines to log off.
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, 16 June 2010 5:12 AM
To: NT System Admin Issues
Subject: Password policy enforcement after a
Okay ... we had no problems maybe because we had assigned pw's which the
users could not change. We only had one VPN user - that never used it :-\
Now we have about 20 VPN users. We also executed the Group Policy and went
thru AD and checked "force pw change" at around 10PM and announced it many
Ben,
They will have all sorts of problems accessing resources if you changed that
right now. :)
The remote people would be especially pleased with you. Depending on what
services they were trying to access, they *might* be told to change their
passwords, but many of the resources would just do
mail.com]
Sent: Tuesday, June 15, 2010 3:23 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
Hmm we did that ~ 2 yrs ago. We used to assign passwords but *finally* sold
it to upper mgt to do it via Active Dir and the built in complexity policy
(2003 native
By the designated date. Top posted for your confusion.
On Tue, Jun 15, 2010 at 3:17 PM, Jonathan Link wrote:
> Yes, it will interfere with accessing resources.
> I had to schedule a day in our office so everyone knew well in advance.
> Those that couldn't or chose not to be at work that day had
Hmm we did that ~ 2 yrs ago. We used to assign passwords but *finally* sold
it to upper mgt to do it via Active Dir and the built in complexity policy
(2003 native mode). It went pretty well, nobody lost access, they had to
change their passwords at next logon. We announced it well before hand
(
Yes, it will interfere with accessing resources.
I had to schedule a day in our office so everyone knew well in advance.
Those that couldn't or chose not to be at work that day had an
administratively assigned password (in the event that they needed access),
or change their password in advance of t
17 matches
Mail list logo