Solved

Send Message to users whose accounts are about to expire

Posted on 2008-10-01
9
326 Views
Last Modified: 2012-05-05
Gday all,
                a pretty straight forward question. I need to be able to send  messages  to users who's accounts are about to expire in AD. I have a lot of contractors who are only allowed to have access for one year at a time, but some are extended and thus need to reapply for access. This invovles a a far bit of process and can take up to a week, during which time thier account could expire. This is not for passwords but accounts. This needs to be automated and ideally be able to run down each day they have left. The message needs to appear like it does when your password is about to expire.

Cheers Me
0
Comment
Question by:t3buna
  • 5
  • 4
9 Comments
 
LVL 4

Expert Comment

by:deroyer
ID: 22614220
Quest has a great tool called password manager which has this feature.  I definitely would recommend using this tool for simplicity.  It also allows you to setup a report server to run reports to find the status of your network users.

I current use the PEWA tool see this link.(it says its for Win2K but it works on Win2k3 as well)..  http://support.microsoft.com/kb/221977
0
 

Author Comment

by:t3buna
ID: 22614688
I need something for accounts that are about to expire, not passwords
0
 
LVL 4

Expert Comment

by:deroyer
ID: 22614731
PEWA does both...
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Expert Comment

by:deroyer
ID: 22623468
dsquery user | dsget user -samid -acctexpires  (This will return the user account in the left column and in the right column the date the account expires. It will be a date or the word "never")

you can automate that through .bat script, then with some clever scripting use blat to send a message to the users.  I am working on a similar script now and will post it when I get it complete if this thread remains open.
0
 

Author Comment

by:t3buna
ID: 22623944
Thanks Deroyer..that would be a great help
0
 
LVL 4

Accepted Solution

by:
deroyer earned 500 total points
ID: 22628035
Well sorry to disapoint but this is a tough one without some serious development, but I have been able to get this down to a few simple steps that could at least significantly reduce the amout of time it will take to do this...

In notepad create the following "FindAcctEXP.bat" with the following code:
dsquery user -limit 4000| dsget user -samid -acctexpires -email > temp1.csv
(this will dump username, email address, and account expiration into the file temp1.csv within the current directory tht you run the script. You can modify the limit to fit your needs, and even remove )

Next, open the .csv with excel and sort by the acctexpires field and remove all of the never results. (This will create an email listing).  Then just copy the list of email addresses into BCC and send a generic notice that their account is going to expire soon, etc)

I know it wasn't completely what you were looking for, but it is the best I have been able to come up with...  Good luck and let me know if you ever find a way to automate the whole thing.
0
 

Author Comment

by:t3buna
ID: 22647963
Thanks..this has been a great help..I will update once I take time out to automate it
0
 

Author Closing Comment

by:t3buna
ID: 31503327
You have been a great help...thanks for the dedication to the problem
0
 
LVL 4

Expert Comment

by:deroyer
ID: 22649951
no worries I was working on a similar concept at the time I saw this.  Thank you
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question