Solved

Send Message to users whose accounts are about to expire

Posted on 2008-10-01
9
325 Views
Last Modified: 2012-05-05
Gday all,
                a pretty straight forward question. I need to be able to send  messages  to users who's accounts are about to expire in AD. I have a lot of contractors who are only allowed to have access for one year at a time, but some are extended and thus need to reapply for access. This invovles a a far bit of process and can take up to a week, during which time thier account could expire. This is not for passwords but accounts. This needs to be automated and ideally be able to run down each day they have left. The message needs to appear like it does when your password is about to expire.

Cheers Me
0
Comment
Question by:t3buna
  • 5
  • 4
9 Comments
 
LVL 4

Expert Comment

by:deroyer
ID: 22614220
Quest has a great tool called password manager which has this feature.  I definitely would recommend using this tool for simplicity.  It also allows you to setup a report server to run reports to find the status of your network users.

I current use the PEWA tool see this link.(it says its for Win2K but it works on Win2k3 as well)..  http://support.microsoft.com/kb/221977
0
 

Author Comment

by:t3buna
ID: 22614688
I need something for accounts that are about to expire, not passwords
0
 
LVL 4

Expert Comment

by:deroyer
ID: 22614731
PEWA does both...
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 4

Expert Comment

by:deroyer
ID: 22623468
dsquery user | dsget user -samid -acctexpires  (This will return the user account in the left column and in the right column the date the account expires. It will be a date or the word "never")

you can automate that through .bat script, then with some clever scripting use blat to send a message to the users.  I am working on a similar script now and will post it when I get it complete if this thread remains open.
0
 

Author Comment

by:t3buna
ID: 22623944
Thanks Deroyer..that would be a great help
0
 
LVL 4

Accepted Solution

by:
deroyer earned 500 total points
ID: 22628035
Well sorry to disapoint but this is a tough one without some serious development, but I have been able to get this down to a few simple steps that could at least significantly reduce the amout of time it will take to do this...

In notepad create the following "FindAcctEXP.bat" with the following code:
dsquery user -limit 4000| dsget user -samid -acctexpires -email > temp1.csv
(this will dump username, email address, and account expiration into the file temp1.csv within the current directory tht you run the script. You can modify the limit to fit your needs, and even remove )

Next, open the .csv with excel and sort by the acctexpires field and remove all of the never results. (This will create an email listing).  Then just copy the list of email addresses into BCC and send a generic notice that their account is going to expire soon, etc)

I know it wasn't completely what you were looking for, but it is the best I have been able to come up with...  Good luck and let me know if you ever find a way to automate the whole thing.
0
 

Author Comment

by:t3buna
ID: 22647963
Thanks..this has been a great help..I will update once I take time out to automate it
0
 

Author Closing Comment

by:t3buna
ID: 31503327
You have been a great help...thanks for the dedication to the problem
0
 
LVL 4

Expert Comment

by:deroyer
ID: 22649951
no worries I was working on a similar concept at the time I saw this.  Thank you
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question