We had a similar issue in our environment. We implemented a log off script that checked for password expiration. If the users password is within 14 days of expiration the user is notified and the password change page is launched.
This actually has two benefits. One, it solved the notification issue and two it allowed plenty of time for the password to synchronize because it occurs as the user is leaving for the day. We use some older systems like OS/2 that do not have fast password replication so this helped us. The downside to this solution is that it's a bit inconvenient for the user, but it's for their own good :) Modifying msgina.dll will also work but requires more development. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 22, 2005 6:30 AM To: [email protected] Subject: [ActiveDir] Password Expiration Prompt In our environment we use a product called Passport to synchronize password changes across multiple accounts. Our users are aware of this product and the procedures required for making a password change, however, the Default Domain GPO specifies that the user will be notified to change their password 5 days before expiration. When a user logs in and sees this message they become confused and frustrated because they think this change will apply to all accounts and passwords, which it does not. Is there a script or setting I can change that will notify the user it is time for a password change and take them directly to the Passport website to change their password? Thanks, Chris List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
