Security Basics mailing list archives
RE: Active Directory password expiry notification via email??
From: "BugTraq (Mailing List)" <BugTraq () bnj com>
Date: Thu, 13 Jul 2006 13:50:37 -0700
One option you can use is to write a script or application that queries your AD servers via ADSI or LDAP and use the pwdLastSet property on each user to see when they last set their password. Using that, you can use the value for each OU/policy to determine when their password will expire. You can use Microsoft's ldp.exe tool (I think it's included in the Windows 2000/Windows Server 2003 Resource Kit downloads or elsewhere on Microsoft's site) to get a detailed view of the LDAP properties. HTH -----Original Message----- From: Stephane Favre [mailto:stephane () blue-matrix co za] Sent: Wednesday, July 12, 2006 10:46 PM To: security-basics () securityfocus com Subject: Active Directory password expiry notification via email?? Hi there I was wondering whether there would be a way of letting users know via email that their Active Directory password will be expiring in XX days. We have quite a few users that connect to our network only to collect email via PDA's and other mobile devices. So they seldom, if ever, actually log onto a windows PC.... it would be nice to inform these users that they need to contact the helpdeks the next day to reset their password, ect. We run a 2003 domain together with 2003 Exchange servers. Any help / suggestions would be mostly appreciated. Stephane Woza 2010 _________ /\_/ \ /\ / \/ \ -------------------- --------------------------------------------------------------------------- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: SensePost Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: http://www.sensepost.com/training.html ---------------------------------------------------------------------------
Current thread:
- Active Directory password expiry notification via email?? Stephane Favre (Jul 13)
- Re: Active Directory password expiry notification via email?? John Mason Jr (Jul 14)
- Re: Active Directory password expiry notification via email?? Raoul Armfield (Jul 14)
- <Possible follow-ups>
- Re: Active Directory password expiry notification via email?? nfanelli (Jul 14)
- RE: Active Directory password expiry notification via email?? BugTraq (Mailing List) (Jul 14)