Solved

Send Message to users whose accounts are about to expire

Posted on 2008-10-01
Last Modified: 2012-05-05
G'day all,
a pretty straightforward question. I need to be able to send messages to users whose accounts are about to expire in AD. I have a lot of contractors who are only allowed to have access for one year at a time, but some are extended and thus need to reapply for access. This involves a fair bit of process and can take up to a week, during which time their account could expire. This is not for passwords but accounts. This needs to be automated and ideally be able to run down each day they have left. The message needs to appear like it does when your password is about to expire.

Cheers Me
0
Question by:t3buna
9 Comments
 
LVL 4

Expert Comment

by:deroyer
Quest has a great tool called Password Manager which has this feature. I definitely would recommend using this tool for simplicity. It also allows you to set up a report server to run reports to find the status of your network users.

I currently use the PEWA tool; see this link (it says it's for Win2K but it works on Win2k3 as well): http://support.microsoft.com/kb/221977
0
 

Author Comment

by:t3buna
I need something for accounts that are about to expire, not passwords
0
 
LVL 4

Expert Comment

by:deroyer
PEWA does both...
0
 
LVL 4

Expert Comment

by:deroyer
dsquery user | dsget user -samid -acctexpires  (This will return the user account in the left column and in the right column the date the account expires. It will be a date or the word "never")

You can automate that through a .bat script, then with some clever scripting use blat to send a message to the users. I am working on a similar script now and will post it when I get it complete if this thread remains open.
0
 

Author Comment

by:t3buna
Thanks Deroyer..that would be a great help
0
 
LVL 4

Accepted Solution

by:
deroyer earned 500 total points
Well, sorry to disappoint, but this is a tough one without some serious development. I have been able to get this down to a few simple steps that could at least significantly reduce the amount of time it will take to do this...

In Notepad create the following "FindAcctEXP.bat" with the following code:
dsquery user -limit 4000 | dsget user -samid -acctexpires -email > temp1.csv
(this will dump username, email address, and account expiration into the file temp1.csv within the current directory that you run the script. You can modify the limit to fit your needs, and even remove )

Next, open the .csv with Excel and sort by the acctexpires field and remove all of the never results. (This will create an email listing.) Then just copy the list of email addresses into BCC and send a generic notice that their account is going to expire soon, etc.

I know it wasn't completely what you were looking for, but it is the best I have been able to come up with...  Good luck and let me know if you ever find a way to automate the whole thing.
0
 

Author Comment

by:t3buna
Thanks..this has been a great help..I will update once I take time out to automate it
0
 

Author Closing Comment

by:t3buna
You have been a great help...thanks for the dedication to the problem
0
 
LVL 4

Expert Comment

by:deroyer
No worries, I was working on a similar concept at the time I saw this. Thank you.
0
