Re: Expired Account

Sorry, don't know what a Blackberry is :)

--
Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
MVP: Windows Server - Directory Services


"Ed Krimmer" <ed_krimmer@xxxxxxxxxxxxx> wrote in message
news:uO0aPTArFHA.2064@xxxxxxxxxxxxxxxxxxxxxxx
> Ok that all makes sense. Thank you. Plenty of time passed to allow for
> replication so that isn't the issue. Would you expect the user to be able
> to read Exchange mail in any way? As I stated they have a Blackberry that
> wasn't as yet unassigned from their mailbox (even thought the account was
> expired)
>
> "Dmitry Korolyov [MVP]" <d__k@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:%23d$C$NArFHA.4044@xxxxxxxxxxxxxxxxxxxxxxx
>> When you disable a user account, it cannot be used for logging in
>> immediately.
>> When you set it to expire after a certain date, it cannot be used for
>> logging in after that date.
>> In both cases, the users attempting to log in will see appropriate
>> messages describing why they are unable to log in.
>>
>> If the user is currently logged in, however, and then you set their
>> account to Disabled, or their account expires, then depending on the
>> configuration and your network topology, DC placement and some other
>> factors, some time will pass before they actually will not be able to use
>> their account.
>>
>> --
>> Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
>> MVP: Windows Server - Directory Services
>>
>>
>> "Ed Krimmer" <ed_krimmer@xxxxxxxxxxxxx> wrote in message
>> news:%23XN2Lx$qFHA.2604@xxxxxxxxxxxxxxxxxxxxxxx
>>> Can anyone explain exactly what the difference is between an "Expired"
>>> AD account and a Disabled one? I realize "Disabled" is more severe but
>>> what happens when the account expires?
>>>
>>> I have a user that was leaving the company. I was asked to "remove" him
>>> at the end of Friday. I set his AD account to expire at the end of the
>>> day. I have evidence (a "Read receipt") that mail sent to the user's
>>> Exchange account was opened the following morning. The user has a
>>> Blackberry - could that account for it?
>>>
>>> Thanks for any thoughts,
>>> Ed
>>>
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: Expired Account
    ... The person will still be able to receive and send mail from the Blackberry ... The mail to and from the blackberry device is handled by a ... blackberry service account, which should have rights on all mailboxes. ... I set his AD account to expire at the end of the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Force password reset for administrator
    ... When I logon to an account where the password has ... Except if the account is set so that "Password never expires", ... Microsoft MVP Scripting and ADSI ... expired, your code would configure so passwords no longer expire. ...
    (microsoft.public.scripting.vbscript)
  • Re: /etc/default/passwd and SSH
    ... SYNOPSIS: Description of "Password Aging" ... The warn field is the number of days of warning the user gets on login ... the expire field perform very distinct functions that are in no way related. ... The account should be disabled after a week so that it can not ...
    (Focus-SUN)
  • Re: expired passwords
    ... To expire a password for a user and then try to log back in for that ... You must change your password now and login again! ... If password aging has been enabled for your account, ... you don't actually know if you typed an incorrect username or an incorrect password. ...
    (Fedora)
  • Re: PwdLastSet
    ... AD Password expiration is handled in a very simple way and done when a user attempts to log on (or their account is otherwise trying to auth). ... Now I simply compare pwdLastSet against that value and anything less than it is expired. ... Directory: Windows Server 2003 ...
    (microsoft.public.win2000.active_directory)