RE: [ActiveDir] dsquery computer -inactive vs -stalepwd

[Jorge de Almeida Pinto]

Hi Rich,   From my knowledge the password change request is initiated by the COMPUTER itself to a domain controller. Your output lets us believe that the computers do not change their password or something goes wrong when they want to change their password. To disable the computer account password change to solutions exist: * Configure the domain controller to negled the change request by the computer (the computer still requests to change the password!) HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters     RefusePasswordChange [1|0]   * Disable the computer from requesting a passoword change. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange [1|0]   Is one of the above configured somehow?   Regards,   Jorge     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Wednesday, January 28, 2004 17:30 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] dsquery computer -inactive vs -stalepwd Jorge –   The thing I’m not understanding is why there are so many more computers with stale passwords, half of them over 6 months old, yet I only get a handful when running inactive for the same time period (12 weeks or 90 days for –stalepwd).  Unless computers can log onto the domain for months without changing their password?    Thanks – Rich   From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 28, 2004 9:33 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] dsquery computer -inactive vs -stalepwd   -inactive NumberOfWeeks (number of weeks that a PC has not logged on to the domain) Searches for all computers that have been inactive (stale) for the specified number of weeks. -stalepwd NumberOfDays (number of days that a PC uses the same password) Searches for all computers that have not changed their password for the specified number of days.         is this any help? Regards, Jorge   From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 15:55 To: [EMAIL PROTECTED] Subject: [ActiveDir] dsquery computer -inactive vs -stalepwd Does anyone know what the difference is between inactive and stale password? I see there are a lot more computers listed with the command: dsquery computer –inactive 12 than I do if I run the following: dsquery computer –stalepwd 90 I get about 10 with inactive, but 176 with stalepwd.  I noticed this first because I used –inactive to clean up the directory initially, and then with Joe’s new tool I was surprised at how many must have “slipped through the cracks” – until I ran the one with –stalepwd which gives the same output as oldcmp.    Any ideas?   Rich   -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.