RE: [NTSysADM] RE: password change notification to users not physically connected to domain

[Free, Bob]

Don’t just copy VMs, do a full bare metal restore from your actual backups, you 
get the advantage of completely testing your DR process and correcting any 
imperfections. (whatever your definition of bare metal and forest recovery 
happens to be, hopefully not involving  3rd party sw  or imaging [1])

[1] Personally, I consider the combination of AD and external image backup 
tools to be more like playing with anti-matter.  The best outcome you could 
possibly hope for would be a quick death.  ~Don Hacherl

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of David Lum
Sent: Wednesday, June 05, 2013 7:49 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain

Here’s an opportunity to test backup/restore. Want a dev environment? Restore 
your production environment into a sandboxed one. Of course if you have VM’s 
it’s even easier (from a technical standpoint, if not financial/political) to 
create a dev environment.

We did exactly this (copied the DC VM’s into a sandbox) when we weren’t able to 
extend the AD schema and needed Microsoft’s help troubleshooting and support.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Tuesday, June 04, 2013 12:08 PM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain

I get it.  But I’m not in charge.

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Daniel Chenault
Sent: Tuesday, June 04, 2013 11:48 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: password change notification to users not 
physically connected to domain

<pokes head out of foxhole>
You still don’t have a test environment. You have a sandbox without walls 
sitting in the middle of the floor where people are trying to work.
If the app you’re testing runs wild and trashes AD (and that is a very real 
possibility) then you’ll understand the difference.
<back into foxhole>

From: mailto:joseph.hea...@wildlife.ca.gov
Sent: Tuesday, June 04, 2013 1:39 PM
To: mailto:ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain

Dev and test are on different boxes from prod.  Just part of the same AD.

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith
Sent: Tuesday, June 04, 2013 10:57 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain

And… that is so true.

Even in my small company’s AD, I broke it once. After that, I ALWAYS do dev and 
testing on a separate box.

Hasn’t need to be a physical box since, uh, 2004? A long time anyway.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Free, Bob
Sent: Tuesday, June 4, 2013 1:51 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain


> those servers are still part of the prod AD.



You do, in fact, have a lab environment.  What you do not have is a production 
environment.



~Don Hacherl circa 2009


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, June 03, 2013 11:40 AM
To: 'ntsysadm@lists.myitforum.com'
Subject: RE: [NTSysADM] RE: password change notification to users not 
physically connected to domain

Oh, I don’t mind the joke.  I’m just glad it was that easy to get something 
stood up.  We have plenty of VMWare licensing, so throwing up a virtual domain 
should be pretty easy.  Good luck with your crew.

We do have a dev and test environment for our devs, which they do use.  We even 
have it so that we (server admins) have to do the push to test/prod.  That 
said, those servers are still part of the prod AD.

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins
Sent: Monday, June 03, 2013 11:33 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: password change notification to users not 
physically connected to domain

I only joke because I'm currently in the same position.  Also at a .gov 
coincidentally.  You'd think it wouldn't be such a novel concept that perhaps 
you shouldn't test in environments where you can potentially impact provided 
services...but it is here.  I've finally got them to add it to this years 
budget, so in July I get to stand up a QA forest.

Now getting the devs to use it will be the next challenge.  :P


- WJR

On Mon, Jun 3, 2013 at 1:29 PM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
That’s about the size of it.  I’m talking with our architect, and he agrees 
that we should stand up a test domain, so we’ll be doing that, and I’ll do an 
LDIF export/import of our user base so we have “stuff” to play with.

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA  95811
Desk:  (916) 323-1284

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of William Robbins
Sent: Monday, June 03, 2013 11:08 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: password change notification to users not 
physically connected to domain

:)


- WJR

On Mon, Jun 3, 2013 at 12:59 PM, Heaton, Joseph@Wildlife 
<joseph.hea...@wildlife.ca.gov<mailto:joseph.hea...@wildlife.ca.gov>> wrote:
Michael,

I finally have time to look at this.  The parameters at the top of the script 
are what I have to set beforehand.  Do I have to do something with all of them? 
 To begin with, I want this to only come to me, so I set $adminEmailOnly = 
$True, is that correct?  I don’t think we’re using ANR, so I left that alone.  
I do want a report afterwards, so I need to leave $Quiet blank?

Just want to get these clarifications before I run it the first time.  
Unfortunately, I don’t have a test domain to play in, so it will be run against 
our production domain.  I don’t want any notifications sent to the users until 
I’m satisfied with it.

Thanks,

Joe Heaton

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of Michael B. Smith
Sent: Sunday, May 05, 2013 7:00 AM
To: Heaton, Joseph@Wildlife; 
ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] RE: password change notification to users not physically 
connected to domain

http://theessentialexchange.com/blogs/michael/archive/2012/01/17/sending-an-email-to-users-whose-password-is-about-to-expire-a-powershell-rewrite.aspx


From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Liby Philip Mathew
Sent: Sunday, May 5, 2013 8:16 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] password change notification to users not physically 
connected to domain

Hi,
I am in the process of setting up a password reset policy of 90 days.  I have a 
lots of users that are part of the domain but their laptops are not physically 
connected to the domain (commuting users).  But, these users are all always 
connected to our Exchange 2010 mail server.
How can I notify (automated) these users in advance of 14 days to change the 
password?

Liby
Disclaimer

[The information contained in this e-mail message and any attached files are 
confidential information and intended solely for the use of the individual or 
entity to whom they are addressed. This transmission may contain information 
that is privileged, confidential or exempt from disclosure under applicable 
law. If you have received this e-mail in error, please notify the sender 
immediately and delete all copies. If you are not the intended recipient, any 
disclosure, copying, distribution, or use of the information contained herein 
is STRICTLY PROHIBITED. Path Solutions accepts no responsibility for any 
errors, omissions, computer viruses and other defects.]
P Protect our planet: Do not print this email unless necessary.



________________________________
PG&E is committed to protecting our customers' privacy.
To learn more, please visit http://www.pge.com/about/company/privacy/customer/
________________________________


PG&E is committed to protecting our customers' privacy. 
To learn more, please visit http://www.pge.com/about/company/privacy/customer/