To notify them you can create a separate OU in AD, move those user in that OU, schedule a VB script on your Exchange Server to run on that OU every night which will create password expire date for those users by query maxpasswordage & send them a mail that their password is going to expire in n (in the script you can define if the mail should send from last 10 days or so / pwdexpiredate-10) number of days. Earlier I have done it for some of our Workgroup users.
Dhiraj From: Ben N [mailto:[email protected]] Sent: Wednesday, January 12, 2011 4:46 AM To: NT System Admin Issues Subject: Re: domain joined laptops that aren't on your network yeah locking, and unlocking with new password did the trick. sweet! Years wasted not knowing this :) maybe it's a windows 7 thing, i don't know. So what about when a user's password expires? What do you do for these external users then? Far as i know Juniper SSL VPN won't let them logon. I think they can logon to OWA, but it doesn't really tell them they need to change the password. On Tue, Jan 11, 2011 at 3:07 PM, Jimmy Tran <[email protected]<mailto:[email protected]>> wrote: I was able to follow Glen's instructions and it worked for me when connect through network connect on the Juniper SSL VPN. Give it a try Ben. Jimmy From: Glen Johnson [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, January 11, 2011 10:30 AM To: NT System Admin Issues Subject: RE: domain joined laptops that aren't on your network Don't know about ssl vpn, but with a cisco ipsec vpn, connect via vpn, lock the computer and unlock and if it's time to change password, the laptop will prompt to change it. If the password has already been changed via owa, login to the laptop using old password, connect vpn, lock laptop and when it is unlocked it will ask for current domain password. From: Ben N [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, January 11, 2011 1:11 PM To: NT System Admin Issues Subject: domain joined laptops that aren't on your network So we setup domain joined laptops and then ship them out to users that work primarily from home. They then use SSL VPN (juniper SA) to connect back to us, but these laptops never actually make it back to our physical network in most cases. We have these people change their password in OWA or via RDP to a server, but that doesn't reflect back to the domain joined laptop they are on until one day they actually show up at one of our offices I had thought being on VPN, that it would sync up with the domain enough that their current domain password would be required the next time they logged into their laptops, but this isn't the case. Any ideas? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ________________________________ This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
