Re: Send notification before PWDs expire

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

How one deploys code in a given production environment varies considerably.
Different organisations have different processes and procedures, and
different levels of skills and experience at doing such things.

I will give you two vague answers, as there's intellectul property rights,
etc. that doesn't allow me to explain how the processes of the companies
that I've worked for work, as well as the fact I can't give you any code.

In a smaller company, a change request was received for what you ask.
Therefore, an individual was tasked with writing and deploying the script.
The person in question setup a virtual development lab and wrote a script
very similar to the examples I gave you. Some customisation was added
mainly for additional error handling and some branding, e.g. corporate name,
etc. Once happy with this is in test, it was implemented in production. It
was setup on one of the internal SMTP gateway servers, and was setup with
minimum permissions for the job. It was setup as a scheduled task that ran
once per day and e-mailed the user each day. In total two people were
mainly involved - the person tasked with writing the script and me, who
offered guidance on the environment in question, some aspects of the script,
and running with least privilege.

In a larger company more people are involved. There's more testing, by
testers who are different to the developer and architect, and an entire
process around this. For example, an architect would be given the change
who would enlist the help of a scripter or developer to write the code and
wrap it up into a format that was reasonably portable. The architect would
write some documentation around this and then pass it over to integration
and testing who would attempt to deploy it in a test environment. Any bugs
or problems would be registered into the change management system and
returned to the architect and/ or developer. The issues would be fixed and
it would be passed to integration again. If happy, it's then passed to test
who implement in pre-production. If that's fine, it is scheduled for
release and released to the live environment where the live implementation
people would implement it.

Note. I've not gone into the early requirements and planning phases, etc.

In both examples I've worked in a role with an outsourced solutions
provider. The company requesting the change was one of many supported by
the large oursoucring provider.

Eitherway the crux of the matter is this - you develop in a test lab and get
the script to meet your requirements. Once you're happy, you deploy in
live. If you test lab is limited, e.g. a simple VM environment, you can
only deploy to a fraction of the live environment by changing the scope of
the LDAP query used to find all users to a base DN with fewer users and/ or
by limiting the scope of the query.

Does this help? While I can appreciate that you might not have been overly
happy with me posting some links of example code, I must say that many
people who post here don't search the Internet first, and this is a public
forum, therefore I think it might be unreasonable to expect to be given code
and guidance on a rather vague question. Most of us who answer here have no
problems doing either of the above, however in some cases we don't have code
to give you. I would be breaking the law, as well as a code of ethics, if I
simply gave you the code that has been written by my company for another
company. Furthermore, as Joe has already said (in a better way than I) if
you want a very specific answer you must post a very specific question.

I don't tend to offend you with my response, so please do not take any. In
a multi-national forum such as this wit, sarcasm, humour, etc. are often
lost. Furthermore, dialect can further confuse things. I hope the
information provided by Joe and myself is helpful and you're actually
getting somewhere with this. If you have more questions please do ask.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net




.

Relevant Pages

  • Re: Possible to define a variable for only certain directories?
    ... allows such customizations upon the environment on a per- ... this is useful only if the user or script ... configuration files, environment variables, command line options, and ... commands to the CDE Window Manager from a shell ...
    (comp.unix.shell)
  • RE: local admin account password
    ... environment, yes we may have these, but we still use the same methods. ... With regards to the script, this script is actually run from a secured ... The local passwords are secured both in a secure password ...
    (Focus-Microsoft)
  • Re: Script for your enjoyment
    ... Another environment specific aspect. ... I do not maintain any databases ... The script should do that for you. ... isn't anyone checking if a domain group exists before they add it". ...
    (microsoft.public.scripting.wsh)
  • RE: How can I get the logon script to be executed while having a custo
    ... I'm working on a replacement of msgina dll. ... I have also a lot of trouble to set environment vars like ... > requires the replacement of GINA by our own customized version, ... This login script is set by the system administrator at the ...
    (microsoft.public.win32.programmer.kernel)
  • RE: How can I get the logon script to be executed while having a custo
    ... I'm working on a replacement of msgina dll. ... I have also a lot of trouble to set environment vars like ... > requires the replacement of GINA by our own customized version, ... This login script is set by the system administrator at the ...
    (microsoft.public.win32.programmer.kernel)