Re: Network Users password expired

You could also weaken your password policy by having those users never
expire, but I don't recommend that.

Note that the app generating the emails does not need to run on the DC. In
fact, I would not run it there. I'd run it somewhere else. It just needs
access to do LDAP queries to your DCs. If it was located such that it had
access to your SMTP MTA as well, then you would be fine.

If you can think of another way to notify these users of an impending pwd
expiration, then by all means do so. Email is just the lowest common
denominator that everyone assumes you can do.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"PBP" <PBP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9A1D7524-845C-4F72-89E5-2FDF0417E03B@xxxxxxxxxxxxxxxx
Thanks for the response Joe.
I was hoping not to go to email route but I guess I will have do that. I
just have to find out how am I going to do it because both DC does not
have
access to our email servers nor the internet.

"Joe Kaplan" wrote:

You only get the prompt during an interactive logon, so for your users
that
don't do interactive logon, you'll need a different solution. Email is
the
standard way to do it.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"PBP" <PBP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:87457C0F-B79F-4351-8893-E12881A1BAD5@xxxxxxxxxxxxxxxx



.

Relevant Pages

  • Re: Accessing security information from an authentication provider
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.platformsdk.security)
  • Re: Can I retrieve Unix box OS info using DirectoryEntry Property
    ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... For the second search, if the user account has an SPN of HTTP/webserver, ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You might consider enabling protocol transition authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... is the username of the user account that runs the service. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... You might consider enabling protocol transition authentication since ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Integrated Windows Authentication Timeout?
    ... is the username of the user account that runs the service. ... You should then be able to see the SPNs that are on that account. ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.framework.aspnet.security)