To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob r...@pge.com wrote:
You don't need a tool, just do an LDAP query for pwdLastSet. I would use
adfind as it will decode the timestamps, dump to a csv and massage in
excel
, 2010 7:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob r...@pge.com wrote:
You don't need a tool, just do an LDAP query for pwdLastSet. I would
use
adfind as it will decode the timestamps, dump to a csv and massage
]
Sent: Tuesday, June 15, 2010 5:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 8:11 PM, Free, Bob r...@pge.com wrote:
You don't need a tool, just do an LDAP query for pwdLastSet. I would use
adfind as it will decode the timestamps
On Wed, Jun 16, 2010 at 11:32 AM, Free, Bob r...@pge.com wrote:
I respectfully disagree that one is as good as the other in this
particular case but to each his own.
I think the LDAP query approach is far more flexible and powerful,
so it's good to be aware of the capability and have it
My main domain has around 25K users, that is a SMB to Brian :-]
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, June 16, 2010 8:49 AM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Wed, Jun 16, 2010 at 11:32 AM
Yes, it will interfere with accessing resources.
I had to schedule a day in our office so everyone knew well in advance.
Those that couldn't or chose not to be at work that day had an
administratively assigned password (in the event that they needed access),
or change their password in advance of
Hmm we did that ~ 2 yrs ago. We used to assign passwords but *finally* sold
it to upper mgt to do it via Active Dir and the built in complexity policy
(2003 native mode). It went pretty well, nobody lost access, they had to
change their passwords at next logon. We announced it well before hand
By the designated date. Top posted for your confusion.
On Tue, Jun 15, 2010 at 3:17 PM, Jonathan Link jonathan.l...@gmail.comwrote:
Yes, it will interfere with accessing resources.
I had to schedule a day in our office so everyone knew well in advance.
Those that couldn't or chose not to be
: Tuesday, June 15, 2010 3:23 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
Hmm we did that ~ 2 yrs ago. We used to assign passwords but *finally* sold
it to upper mgt to do it via Active Dir and the built in complexity policy
(2003 native mode). It went
Ben,
They will have all sorts of problems accessing resources if you changed that
right now. :)
The remote people would be especially pleased with you. Depending on what
services they were trying to access, they *might* be told to change their
passwords, but many of the resources would just
Okay ... we had no problems maybe because we had assigned pw's which the
users could not change. We only had one VPN user - that never used it :-\
Now we have about 20 VPN users. We also executed the Group Policy and went
thru AD and checked force pw change at around 10PM and announced it many
Schedule the change for out of hours or during a quiet period), inform the
users, force all machines to log off.
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, 16 June 2010 5:12 AM
To: NT System Admin Issues
Subject: Password policy enforcement after
On Tue, Jun 15, 2010 at 3:11 PM, Ben Scott mailvor...@gmail.com wrote:
... from No password expiration to X days ...
... 8-year-expired password before ...
Thank you, everyone, for your informative and helpful responses!
I think what I'll do is configure the password complexity
-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, June 15, 2010 4:30 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after a change
On Tue, Jun 15, 2010 at 3:11 PM, Ben Scott mailvor...@gmail.com wrote:
... from No password expiration to X days ...
... 8-year
You can find AdFind, along with many other goodies here:
http://joeware.net/freetools/tools/adfind/index.htm
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, June 15, 2010 7:15 PM
To: NT System Admin Issues
Subject: Re: Password policy enforcement after
15 matches
Mail list logo