Re: Send notification before PWDs expire



Ok, so that's more like it. If you wanted more details, I would have
suggested you just ask them. It is hard to tell from your previous messages
what more details you wanted. A lot of people answering questions in the
newsgroups use the principle of responding with "proportional vagueness", so
if you don't ask something specific or request certain details, you won't
get a very specific or detailed answer. You basically asked an FAQ and got
an FAQ answer.

I can tell you that my company uses an approach similar to the one detailed
in the KB article to service our entire organization in production with over
150K users who depend on it as their ONLY means of getting password
expiration notifications and it works well. We actually use a different
approach with some .NET code that uses IMO a more sophisticated approach
that isn't as easy to do in script, but that's an implementation detail. I
have a sample of the core algorithm I prefer in ch 10 of my book which you
can get as a free download from the site in my signature.

Finding the expiring passwords is not that big of a deal. The bigger deal
is deciding what to do with the data. Presumably, you want to send an email
with a link to a password change web site. How often do you send an email?
Do you have different messages for different days? Do you customize the
message on a per-user basis? Is it plain text or HTML?

We have also recently added a digital signature to our messages so that the
authenticity of the message can be verified by the recipients and we can
help fight potential phishing attacks against our users to collect their
passwords.

From an operational perspective, you need to pick an execution model for the
app (we use a scheduled task) and decide what you want to do about logging
and instrumentation (we use event log for "big" events and file system logs
for details). You also need to consider if you'll use a monitoring tool
like MOM to watch to make sure things are working and provide notifications
or if you want to do something else.

My overall assessment is that MS assumes that if you want the rest of these
things and are starting with their script, you are capable of customizing it
to meet the rest of your needs. If that isn't you, then buying a product
that does all this or hiring a developer who can is probably the right
answer. Lots of people have taken the script and run with it. I'm sure
there are varying degrees of success with their implementations depending on
the extent to which they considered all the other details. :)

If you have more specific questions, please feel free to follow up.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<best@xxxxxxxxxxxxxx> wrote in message
news:93CC1919-D679-47A6-B701-FA65969620CF@xxxxxxxxxxxxxxxx
Dear Joe

Because your question sounds somewhat challenging, I will tell you what was
"wrong" in this thread.

Prior to putting my question to this group, I used (as every single layman
who has access to internet) Google search to find out the steps I should take
to implement and configure AD to automatically send notification to users
before their passwords expire. I also used my Technet library for the same
purposes.

Joe, please keep bearing in mind that any configuration or deployment would
take place in a production environment.

As a result of my search, I found many sites including Microsoft KB323750
(this KB was not destined for me because it does not tell me, as opposed to
many other KBs, the steps you need to take to successfully complete the
configuration I am after).

Paul and Tony (both MVPs) seemed to have rushed into supplying me some links
and that was it. I accept that those links MAY - I repeat MAY - provide
the right scripts for me. But, please respect my view that this is not
sufficient for MVPs to google and supply.

If it takes for an individual to google and then supply links in MS
Newsgroups WITHOUT an additional and personal experience input to become an
MVP, then I am sorry to say that I may have some serious questions to put to
Microsoft regarding its MVP program.

Did Paul and Tony have production experience in deploying those scripts?
If so, why could they not tell me step-by-step how and whether it worked fine
for them?

Because I did not receive an answer from them to my second pretty and honest
straightforward question, I was entitled to take the view that they did not
have any production experience regarding this particular script deployment.

Joe, you have to appreciate that I can't gamble in a production environment.

What also raised my concerns was that Mr Ken Zhao (MSFT) unreservedly agreed
with both MVPs' replies. Having said this, I have a strong feeling that Ken
may be testing the issue prior to giving his reply. Let's wait and see.

Best regards

Best
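
The expiry calculation and the "how often do you send an email" decision raised in the reply above, as an added example that is not code from this thread, the KB article, or the book it mentions. It assumes the standard Active Directory attributes pwdLastSet, userAccountControl and the domain's maxPwdAge (none are named in the thread), ignores fine-grained password policies, and uses a constructed schedule and constructed sample users in place of an LDAP query.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002        # userAccountControl bit
DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit
NOTIFY_DAYS = (14, 7, 3, 1)    # assumed schedule: days-left values that trigger a mail

def from_filetime(ticks):
    """pwdLastSet is a count of 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def to_filetime(dt):
    return (dt - EPOCH_1601) // timedelta(microseconds=1) * 10

def password_expiry(user, max_pwd_age):
    """Expiry time, or None when this password does not expire by age.
    max_pwd_age is the domain's maxPwdAge, a negative tick count."""
    if max_pwd_age in (0, -2**63):               # domain policy: never expires
        return None
    if user["userAccountControl"] & DONT_EXPIRE_PASSWD or user["pwdLastSet"] == 0:
        return None        # flagged non-expiring, or must change at next logon
    return from_filetime(user["pwdLastSet"] - max_pwd_age)

def notifications_due(users, max_pwd_age, now):
    """(mail, days_left) for each enabled user who should get a message today."""
    due = []
    for u in users:
        if u["userAccountControl"] & ACCOUNTDISABLE or not u.get("mail"):
            continue
        expiry = password_expiry(u, max_pwd_age)
        if expiry is not None and (expiry - now).days in NOTIFY_DAYS:
            due.append((u["mail"], (expiry - now).days))
    return due

# Constructed sample data standing in for an LDAP query result.
NOW = datetime(2024, 3, 1, 6, 0, tzinfo=timezone.utc)
MAX_PWD_AGE = -90 * 86400 * 10**7                # 90-day policy, in ticks
def _set(days_ago):                              # password set N days ago, plus 2 h
    return to_filetime(NOW - timedelta(days=days_ago, hours=-2))
USERS = [
    {"mail": "alice@example.test", "userAccountControl": 0x200, "pwdLastSet": _set(83)},
    {"mail": "bob@example.test", "userAccountControl": 0x200, "pwdLastSet": _set(80)},
    {"mail": "erin@example.test", "userAccountControl": 0x200, "pwdLastSet": _set(89)},
    {"mail": "svc@example.test", "userAccountControl": 0x10200, "pwdLastSet": _set(400)},
    {"mail": "carol@example.test", "userAccountControl": 0x200, "pwdLastSet": 0},
    {"mail": "dave@example.test", "userAccountControl": 0x202, "pwdLastSet": _set(87)},
    {"mail": "frank@example.test", "userAccountControl": 0x200, "pwdLastSet": _set(95)},
]
```

Run once a day from the scheduled task, notifications_due(USERS, MAX_PWD_AGE, NOW) yields each user at most once per schedule step; already-expired, disabled and non-expiring accounts drop out.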
