Solved

Send Message to users whose accounts are about to expire

Posted on 2008-10-01
9
327 Views
Last Modified: 2012-05-05
Gday all,
                a pretty straight forward question. I need to be able to send  messages  to users who's accounts are about to expire in AD. I have a lot of contractors who are only allowed to have access for one year at a time, but some are extended and thus need to reapply for access. This invovles a a far bit of process and can take up to a week, during which time thier account could expire. This is not for passwords but accounts. This needs to be automated and ideally be able to run down each day they have left. The message needs to appear like it does when your password is about to expire.

Cheers Me
0
Comment
Question by:t3buna
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 4

Expert Comment

by:deroyer
ID: 22614220
Quest has a great tool called password manager which has this feature.  I definitely would recommend using this tool for simplicity.  It also allows you to setup a report server to run reports to find the status of your network users.

I current use the PEWA tool see this link.(it says its for Win2K but it works on Win2k3 as well)..  http://support.microsoft.com/kb/221977
0
 

Author Comment

by:t3buna
ID: 22614688
I need something for accounts that are about to expire, not passwords
0
 
LVL 4

Expert Comment

by:deroyer
ID: 22614731
PEWA does both...
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:deroyer
ID: 22623468
dsquery user | dsget user -samid -acctexpires  (This will return the user account in the left column and in the right column the date the account expires. It will be a date or the word "never")

you can automate that through .bat script, then with some clever scripting use blat to send a message to the users.  I am working on a similar script now and will post it when I get it complete if this thread remains open.
0
 

Author Comment

by:t3buna
ID: 22623944
Thanks Deroyer..that would be a great help
0
 
LVL 4

Accepted Solution

by:
deroyer earned 500 total points
ID: 22628035
Well sorry to disapoint but this is a tough one without some serious development, but I have been able to get this down to a few simple steps that could at least significantly reduce the amout of time it will take to do this...

In notepad create the following "FindAcctEXP.bat" with the following code:
dsquery user -limit 4000| dsget user -samid -acctexpires -email > temp1.csv
(this will dump username, email address, and account expiration into the file temp1.csv within the current directory tht you run the script. You can modify the limit to fit your needs, and even remove )

Next, open the .csv with excel and sort by the acctexpires field and remove all of the never results. (This will create an email listing).  Then just copy the list of email addresses into BCC and send a generic notice that their account is going to expire soon, etc)

I know it wasn't completely what you were looking for, but it is the best I have been able to come up with...  Good luck and let me know if you ever find a way to automate the whole thing.
0
 

Author Comment

by:t3buna
ID: 22647963
Thanks..this has been a great help..I will update once I take time out to automate it
0
 

Author Closing Comment

by:t3buna
ID: 31503327
You have been a great help...thanks for the dedication to the problem
0
 
LVL 4

Expert Comment

by:deroyer
ID: 22649951
no worries I was working on a similar concept at the time I saw this.  Thank you
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question