+ Post New Thread
Results 1 to 15 of 15
How do you do....it? Thread, "Your password expires in X days" in Technical; I have a question, that has been vexing the department for a couple of days now, and which we don't ...
  1. #1

    aerospacemango's Avatar
    Join Date
    Apr 2010
    Location
    Northants
    Posts
    1,994
    Thank Post
    283
    Thanked 249 Times in 200 Posts
    Blog Entries
    2
    Rep Power
    295

    Angry "Your password expires in X days"

    I have a question, that has been vexing the department for a couple of days now, and which we don't have the answer to.

    Our Principle would like his password NOT to expire. This seems easier said than done , at the moment!

    We've put him into an OU in GP, that doesn't need to change the password, and ticked the box in the properties. He still gets the email.

    We've tried putting him into a GP unit that doesn't take the Default Domain Policy. He still gets the email.

    Could it be that the email is spurious?

    Or is there something obvious that we've missed?

    All help gratefully received!!!

  2. #2

    Join Date
    May 2010
    Location
    Kent
    Posts
    375
    Thank Post
    43
    Thanked 47 Times in 45 Posts
    Rep Power
    25
    I have never known an email reminder to tell you to change your password on a windows network. New to me.
    Anyhow, I take it you ticked the "password never expires" box? Surely if this is done then regardless of the email his password should never need to be reset should it?

    Maybe it's me that's missing something.

  3. #3

    JJonas's Avatar
    Join Date
    Jan 2008
    Location
    North Walsham, Norfolk
    Posts
    3,092
    Thank Post
    382
    Thanked 429 Times in 318 Posts
    Rep Power
    383
    I think you need server 2008 to set different password expiration rules for different OU's otherwise everybody takes the default policy. To get round it you would need to turn it off for everyone - not a good idea or do what gl3nnym suggests.

  4. Thanks to JJonas from:

    aerospacemango (22nd June 2010)

  5. #4

    Join Date
    Sep 2006
    Location
    West Midlands
    Posts
    410
    Thank Post
    73
    Thanked 75 Times in 58 Posts
    Rep Power
    43
    Have you checked the e-mail headers to see where it actually came from - sounds suspicious to me!

    mb

  6. Thanks to Martin from:

    aerospacemango (22nd June 2010)

  7. #5

    aerospacemango's Avatar
    Join Date
    Apr 2010
    Location
    Northants
    Posts
    1,994
    Thank Post
    283
    Thanked 249 Times in 200 Posts
    Blog Entries
    2
    Rep Power
    295
    [QUOTE=gl3nnym;530118] Anyhow, I take it you ticked the "password never expires" box? Surely if this is done then regardless of the email his password should never need to be reset should it? [QUOTE]

    Yep, that's deffo ticked! I went through the account yesterday, and checked everything was as it should be.

    I'm all for letting it go for the next 3 days, and seeing whether it actually DOES expire.

  8. #6

    Join Date
    May 2010
    Location
    Kent
    Posts
    375
    Thank Post
    43
    Thanked 47 Times in 45 Posts
    Rep Power
    25
    Yeah give it a go. Worst comes to worst then the principal won't have his account for about 2 minutes until you reset it again but if that box is ticked then I don't see why it would expire. I would be interested to see how it turns out.

  9. #7

    aerospacemango's Avatar
    Join Date
    Apr 2010
    Location
    Northants
    Posts
    1,994
    Thank Post
    283
    Thanked 249 Times in 200 Posts
    Blog Entries
    2
    Rep Power
    295
    Quote Originally Posted by Martin View Post
    Have you checked the e-mail headers to see where it actually came from - sounds suspicious to me!

    mb
    Seems like our system developer had written a reminder script for the passwords.

    So they're from a system admin account.

    We're NOT going to let it count down, as my boss is getting significant static from the top man about this! So, I have to find out what the problem is!

  10. #8

    Join Date
    May 2010
    Location
    Kent
    Posts
    375
    Thank Post
    43
    Thanked 47 Times in 45 Posts
    Rep Power
    25
    Quote Originally Posted by aerospacemango View Post
    We're NOT going to let it count down, as my boss is getting significant static from the top man about this! So, I have to find out what the problem is!
    How are you supposed to effectively troubleshoot the problem if you are not allowed a little trial and error? Maybe the script is buggy? Scripting is not my area of expertise i'm afraid.

  11. Thanks to gl3nnym from:

    aerospacemango (22nd June 2010)

  12. #9

    aerospacemango's Avatar
    Join Date
    Apr 2010
    Location
    Northants
    Posts
    1,994
    Thank Post
    283
    Thanked 249 Times in 200 Posts
    Blog Entries
    2
    Rep Power
    295
    Quote Originally Posted by gl3nnym View Post
    How are you supposed to effectively troubleshoot the problem if you are not allowed a little trial and error?
    That's my point entirely!

    But, that's the rules!!

  13. #10

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    I suspect the script sending the email is reading the password age and if it's greater than (say) 80 days, is sending the email.

    What it needs to do is check "is the 'password never expires' set"? If yes then skip this user else check the age and send the email. That way users who have password set to never expire won't get confusing emails.

    I'd be interested to know what your auditors have to say about a principal with a non-expiring password!

  14. Thanks to srochford from:

    aerospacemango (22nd June 2010)

  15. #11

    aerospacemango's Avatar
    Join Date
    Apr 2010
    Location
    Northants
    Posts
    1,994
    Thank Post
    283
    Thanked 249 Times in 200 Posts
    Blog Entries
    2
    Rep Power
    295
    Quote Originally Posted by srochford View Post
    I suspect the script sending the email is reading the password age and if it's greater than (say) 80 days, is sending the email.

    What it needs to do is check "is the 'password never expires' set"? If yes then skip this user else check the age and send the email. That way users who have password set to never expire won't get confusing emails.

    I'd be interested to know what your auditors have to say about a principal with a non-expiring password!
    This is what we're looking at, at the mo. The script does exactly what you say, and we're looking to put the exception in.

    As for the auditors....that's my boss's problem, not mine! I, personally, don't think that it is right. The Principle should be setting the example, not extricating himself from protocols. But, I don't make the decisions.......!!!!

  16. #12

    Join Date
    May 2010
    Location
    Kent
    Posts
    375
    Thank Post
    43
    Thanked 47 Times in 45 Posts
    Rep Power
    25
    @srochford I agree. Chances are it's all down to the script not checking it.
    @aerospacemango Let us know how you get on.

  17. #13

    aerospacemango's Avatar
    Join Date
    Apr 2010
    Location
    Northants
    Posts
    1,994
    Thank Post
    283
    Thanked 249 Times in 200 Posts
    Blog Entries
    2
    Rep Power
    295
    Ok, so we've been through the script with a fine toothcomb, and it seems to be something to do with the passwordchange date, and how it views it.

    We are not going to let it run through, but are building a separate account to do this with. Apparently, we can't risk upsetting the big cheese/head honcho!!!

    I was pretty certain that he wouldn't be locked out, as AD would have the final say.

    Testing will continue!!

  18. #14

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    Can you post the script? Should be easy for someone to see the logic of what it's doing and then say "that looks OK" or "Oops!"

  19. #15
    p858snake's Avatar
    Join Date
    Dec 2008
    Location
    Queensland
    Posts
    1,490
    Thank Post
    37
    Thanked 175 Times in 151 Posts
    Blog Entries
    2
    Rep Power
    51
    If AD has picked up thats close to the reset date it may of flagged the account and changes won't take into effect till its reset? Like for example when a password does expire than you set it not to after the fact.
    Last edited by p858snake; 23rd June 2010 at 03:29 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 8
    Last Post: 16th March 2011, 09:12 AM
  2. Replies: 0
    Last Post: 18th November 2009, 10:28 AM
  3. Replies: 3
    Last Post: 11th September 2009, 09:01 AM
  4. Are the days of "Scroll Lock" numbered?
    By WithoutMotive in forum General Chat
    Replies: 35
    Last Post: 25th November 2008, 06:23 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •