Re: Password Expire



On 8 Jan, 12:50, John McC <John...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
Sorry we are running Exchange 2007.
We have one front end Edge server in our DMZ which passes email onto two
Client Access servers (Load balanced) then to clustered Mailbox servers

Thanks
John

"lucasno1" wrote:
On 8 Jan, 12:15, John McC <John...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
We have a few users who never log into our domain but collect Email through
Outlook Anywhere. When the password expires on their AD user account they
use for their mailbox they can't collect their email until the password has
been reset. Is there a way to notify the users (by email?) that their user
account will expire in the next X days?

All help and advice appreciated

Thanks
John McC

Hi John,

You don't mention what version of Exchange you are running??

Thanks

Lucas Doherty MCP

Hi John,

Exchange 2007 by default should notify users that their password will
expire when they are logged into OWA by means of a notification banner
at the top of the page (starting I believe 15 days before expiration).

I have read about quite a few people having issues with this, plus not
all users pay that much attention!

I used to schedule a script to run every 24 hours on my Exchange 2003
server to do just this. I do not have the script I used any more but
have found this (the one I used was a bit simpler if I recall
correctly):

------------------script begins below-----------------

'
'
' If anyone modifies this script, please comment and give credit where it belongs
' Please also leave all comments intact, unless you are changing the functionality
' in that case, change what is necessary to explain. Also, please post any modifications
' so that we all may benefit.
'
'
'
' If you need a cheap (free) solution to notify external users that their passwords were about to
' expire, this script should do the trick. It is especially helpful if some of your users never
' access the domain controller.
'
' Make sure the password change feature in OWA is working first.
' This script will provide a notification to all users whose passwords are about
' to expire and also provides instructions on how to do so all in one convenient e-mail.
'
' If you set this script as a scheduled task on the Domain Controller, this script should run
' at whatever schedule you decide to set and should not require administrative intervention
'
' This script will scan the 'HOSTING_OU' and ALL sub OUs below it and determine who needs
' to change or reset their passwords based on your domain's maximum password age.
'
' Depending on the value of 'bSendMail' the script does one of two things:
' 1. If false - the script will generate a notification box displaying all users who
'    need their passwords changed.
' 2. If true - Send an e-mail to these users and pull the instructions from this file:
'    c:\passwordchange.txt and send those in the e-mail also. That file needs to be created
'    by you and the name/location can be changed as long as it is specified in the proper
'    place in this script.
'
' These things will need to be changed:
' - The few items in Michael Smith's comments (see below)
' - The objMail.Subject and objMail.Textbody (if you want to) from the SendEmail subroutine
' - The instructions on how your company changes the passwords in each given situation.
'
' When testing the file with the instructions, it might be best to refer to Michael B. Smith's
' original code on his webpage (noted below). This way, you can put a test user into an OU and
' only send the e-mail to one test user, open their mailbox within your account (to avoid
' changing the password) and practice the way it lines up and everything else
'
' It should be noted that using netPWage.exe is helpful in comparing users. It can be downloaded
' here: http://www.optimumx.com/download/
'
'
' The code is not organized as best as it could be and some of the variables don't make the most sense to some
' people but the script works for its intended purpose.
'
'
' Hope this helps some people because I couldn't find a free solution that would work for our situation.
'
'
'
' Credit goes to:
' This script is comprised of a few people's efforts.
'
' Most of the code is from Michael B. Smith, see Michael's comments below.
' This code is located on his blog here: http://blogs.brnets.com/michael/archive/2005/09/13/1474.aspx
'
' The code that reads the text file with the instructions comes from Paul Sadowski.
' His code is located here: http://www.paulsadowski.com/WSH/cdo.htm
'
' The remainder of Modification and testing was done by our developer and myself.
'
' Credits end here (Thanks to all who have helped).
'
'
'
'
' Michael's comments begin here
' exch-pwd-expires.vbs
'
' Michael B. Smith
' March 21, 2005
'
' This program scans all users in the Users container and all organizational units
' beneath the HOSTING_OU organizational unit, for users whose passwords have either
' already expired or will expire within DAYS_FOR_EMAIL days.
'
' An email is sent, using CDO, via the SMTP server specified as SMTP_SERVER to the
' user to tell them to change their password. You should change strFrom to match
' the email address of the administrator responsible for password changes.
'
' You will, at a minimum, need to change the SMTP_SERVER, the HOSTING_OU, and the
' STRFROM constants. If you run this on an Exchange server, then SMTP_SERVER can
' be "127.0.0.1" - and it may be either an ip address or a resolvable name.
'
' If you don't have an OU containing sub-OU's to scan, then set HOSTING_OU to the
' empty string ("").
'
' Michael's comments end here
'
'

Option Explicit

'if bSendMail is set to True, it sends an e-mail to everyone
'if bSendMail is set to False, it generates a text box with those addresses
Const bSendMail = True

' Per environment constants - you should change these!
Const HOSTING_OU = "The OU to enumerate"
Const SMTP_SERVER = "192.168.x.x"
Const STRFROM = "postmaster@xxxxxxxxxxxxxx"
Const DAYS_FOR_EMAIL = 15

' System Constants - do not change
Const ONE_HUNDRED_NANOSECOND = .000000100 ' .000000100 is equal to 10^-7
Const SECONDS_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
' Change to "True" for extensive debugging output
Const bDebug = False

'This is the code that opens the text file with instructions on
'how to change the password.
'This code is modified and originally posted here:
'http://www.paulsadowski.com/WSH/cdo.htm
'simply create a text file with your instructions and put
'it where you want to on the hard drive of the computer
'where this file is to be run. make sure to change the path in this script.
'Note: the header comments call this file c:\passwordchange.txt; the path
'below is the one the script actually opens.

Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim fso, txtarray, BodyText
Set fso = CreateObject("Scripting.FileSystemObject")
Set txtarray = fso.OpenTextFile("c:\passchange.txt", ForReading)
'The ReadAll method reads the entire file into the variable BodyText
BodyText = txtarray.ReadAll
'Close the file
txtarray.Close
Set txtarray = Nothing
Set fso = Nothing
'End of Paul Sadowski's code. (BodyText is called in the SendEmail sub near the end of the script)

Dim objRoot
Dim numDays, iResult
Dim strDomainDN
Dim objContainer, objSub
'List of addresses collected by SendEmail (declared here, before first use)
Dim strEmailList

Set objRoot = GetObject ("LDAP://RootDSE")
strDomainDN = objRoot.Get ("defaultNamingContext")
Set objRoot = Nothing

numDays = GetMaximumPasswordAge (strDomainDN)
dp "Maximum Password Age: " & numDays
strEmailList = ""

If numDays > 0 Then
    Set objContainer = GetObject ("LDAP://CN=Users," & strDomainDN)
    Call ProcessFolder (objContainer, numDays)
    Set objContainer = Nothing

    If Len (HOSTING_OU) > 0 Then
        Set objContainer = GetObject ("LDAP://OU=" & HOSTING_OU & "," & strDomainDN)
        For each objSub in objContainer
            Call ProcessFolder (objSub, numDays)
        Next
        Set objContainer = Nothing
    End If

    'This part was commented out since we didn't want any boxes that required any
    'user intervention.
    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    'whenPasswordExpires = DateAdd ("d", numDays, oUser.PasswordLastChanged)
    'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
    'WScript.Echo "Password Expires On: " & whenPasswordExpires
End If

'WScript.Echo "Done"
If Not bSendMail Then
    WScript.Echo strEmailList
End If

'Returns the domain's maximum password age in whole days (0 = passwords do not expire)
Function GetMaximumPasswordAge (ByVal strDomainDN)
    Dim objDomain, objMaxPwdAge
    Dim dblMaxPwdNano, dblMaxPwdSecs, dblMaxPwdDays

    Set objDomain = GetObject ("LDAP://" & strDomainDN)
    Set objMaxPwdAge = objDomain.maxPwdAge

    If objMaxPwdAge.LowPart = 0 And objMaxPwdAge.HighPart = 0 Then
        ' Maximum password age is set to 0 in the domain
        ' Therefore, passwords do not expire
        GetMaximumPasswordAge = 0
    Else
        dblMaxPwdNano = Abs (objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
        dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
        dblMaxPwdDays = Int (dblMaxPwdSecs / SECONDS_IN_DAY)
        GetMaximumPasswordAge = dblMaxPwdDays
    End If
End Function

'Returns True when the user should be mailed: password never set, already
'expired, or expiring within iDaysForEmail days. iRes receives the days left.
Function UserIsExpired (objUser, iMaxAge, iDaysForEmail, iRes)
    Dim intUserAccountControl, dtmValue, intTimeInterval
    Dim strName

    On Error Resume Next
    Err.Clear

    strName = Mid (objUser.Name, 4)
    intUserAccountControl = objUser.Get ("userAccountControl")

    If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
        dp "The password for " & strName & " does not expire."
        UserIsExpired = False
    Else
        iRes = 0
        dtmValue = objUser.PasswordLastChanged
        If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
            UserIsExpired = True
            dp "The password for " & strName & " has never been set."
        Else
            intTimeInterval = Int (Now - dtmValue)
            dp "The password for " & strName & " was last set on " & _
                DateValue(dtmValue) & " at " & TimeValue(dtmValue) & _
                " (" & intTimeInterval & " days ago)"

            If intTimeInterval >= iMaxAge Then
                dp "The password for " & strName & " has expired."
                UserIsExpired = True
            Else
                iRes = Int ((dtmValue + iMaxAge) - Now)
                dp "The password for " & strName & " will expire on " & _
                    DateValue(dtmValue + iMaxAge) & " (" & _
                    iRes & " days from today)."

                If iRes <= iDaysForEmail Then
                    dp strName & " needs an email for password change"
                    UserIsExpired = True
                Else
                    dp strName & " does not need an email for password change"
                    UserIsExpired = False
                End If
            End If
        End If
    End If
End Function

'Checks every user in the container, then recurses into its sub-OUs
Sub ProcessFolder (objContainer, iMaxPwdAge)
    Dim objUser, iResult

    objContainer.Filter = Array ("User")
    'Wscript.Echo "Checking company = " & Mid (objContainer.Name, 4)

    For each objUser in objContainer
        'Names ending in "$" are computer accounts - skip them
        If Right (objUser.Name, 1) <> "$" Then
            If IsEmpty (objUser.Mail) or IsNull (objUser.Mail) Then
                dp Mid (objUser.Name, 4) & " has no mailbox"
            Else
                If UserIsExpired (objUser, iMaxPwdAge, DAYS_FOR_EMAIL, iResult) Then
                    'wscript.Echo "...sending an email for " & objUser.Mail
                    Call SendEmail (objUser, iResult)
                Else
                    dp "...don't send an email"
                End If
            End If
        End If
    Next

    'next 3 lines are where the enumeration takes place
    Dim objItem
    objContainer.Filter = Array ("organizationalUnit")
    For Each objItem in objContainer
        ProcessFolder objItem, iMaxPwdAge
    Next
End Sub

'Records the address in strEmailList and, if bSendMail is True, mails the user via CDO
Sub SendEmail (objUser, iResult)
    strEmailList = strEmailList & objUser.Mail & ", "

    If (bSendMail) Then
        Dim objMail
        Set objMail = CreateObject ("CDO.Message")

        objMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
        objMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTP_SERVER
        objMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
        objMail.Configuration.Fields.Update

        objMail.From = STRFROM
        objMail.To = objUser.Mail

        objMail.Subject = "Password needs to be changed for " & Mid (objUser.Name, 4)
        'The last line of the body inserts the contents of the text file into the e-mail.
        objMail.Textbody = " " & vbCRLF & _
            "---------------------------------------------" & vbCRLF & _
            "---ATTENTION!!---ATTENTION!!---ATTENTION!!---" & vbCRLF & _
            "---------------------------------------------" & vbCRLF & vbCRLF & _
            "The e-mail password for " & objUser.userPrincipalName & _
            " (" & objUser.sAMAccountName & ")" & vbCRLF & _
            "will expire in " & iResult & " days. " & vbCRLF & vbCRLF & _
            "Please change it as soon as possible. Instructions are below." & vbCRLF & vbCRLF & _
            "Thank you," & vbCRLF & _
            "Administrator" & vbCRLF & vbCRLF & _
            " " & BodyText

        objMail.Send
        Set objMail = Nothing
    End If
End Sub

'Debug print; the Echo below is commented out, so uncomment it for bDebug to produce output
Sub dp (str)
    If bDebug Then
        'WScript.Echo str
    End If
End Sub


----Script Ends----

There are a few changes to make to this but seems straightforward
enough.

Let me know how you get on.

Thanks

Lucas Doherty MCP
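
Added example, not part of the original post or of the script authors' code: the notify/skip decision made by UserIsExpired, written as a pure Python function over raw directory values so the branches can be checked before a scheduled task starts mailing users. It assumes the raw pwdLastSet attribute (100-ns ticks since 1601) in place of the ADSI PasswordLastChanged property; the account names, the 42-day policy and the dates are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

ADS_UF_DONT_EXPIRE_PASSWD = 0x10000      # flag value the script tests
DAYS_FOR_EMAIL = 15                      # warning window used by the script
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 86400 * 10**7            # 100-ns intervals per day

def max_age_days(max_pwd_age):
    """maxPwdAge is a negative count of 100-ns intervals; 0 means no expiry."""
    return abs(max_pwd_age) // TICKS_PER_DAY

def to_filetime(dt):
    """Helper for building sample data: datetime -> 100-ns ticks since 1601."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10**7

def needs_email(uac, pwd_last_set, max_days, now, window=DAYS_FOR_EMAIL):
    """Return (send_mail, days_left), mirroring the UserIsExpired branches."""
    if max_days == 0 or uac & ADS_UF_DONT_EXPIRE_PASSWD:
        return (False, None)             # policy or account never expires
    if pwd_last_set == 0:
        return (True, 0)                 # password never set
    last_set = FILETIME_EPOCH + timedelta(microseconds=pwd_last_set // 10)
    if (now - last_set).days >= max_days:
        return (True, 0)                 # already expired
    days_left = (last_set + timedelta(days=max_days) - now).days
    return (days_left <= window, days_left)

def report(accounts, max_pwd_age, now):
    """Map each (name, userAccountControl, pwdLastSet) to its decision."""
    days = max_age_days(max_pwd_age)
    return {n: needs_email(uac, pls, days, now) for n, uac, pls in accounts}

# Constructed sample data (not from the thread): 42-day policy, fixed "now".
SAMPLE_NOW = datetime(2009, 1, 8, 12, 0, tzinfo=timezone.utc)
SAMPLE_MAX_PWD_AGE = -42 * TICKS_PER_DAY
SAMPLE_ACCOUNTS = [
    ("alice", 0x200, to_filetime(SAMPLE_NOW - timedelta(days=10))),
    ("bob", 0x200, to_filetime(SAMPLE_NOW - timedelta(days=30))),
    ("dave", 0x200, to_filetime(SAMPLE_NOW - timedelta(days=27))),
    ("carol", 0x200, to_filetime(SAMPLE_NOW - timedelta(days=50))),
    ("svc", 0x10200, to_filetime(SAMPLE_NOW - timedelta(days=400))),
    ("newuser", 0x200, 0),
]

if __name__ == "__main__":
    for name, result in report(SAMPLE_ACCOUNTS, SAMPLE_MAX_PWD_AGE, SAMPLE_NOW).items():
        print(name, result)
```
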
