If your help desk experiences are anything like what I used to deal with, you spend more than a fair amount of time dealing with problems often related to expired passwords or changing them. Often, if you could have dealt with the password issue earlier life would be better for everyone. What you need to do is police your passwords. First off, you need to know what enabled accounts have expired passwords. If nobody has complained the account may be obsolete. Or you may want to know whose password is going to expire in the upcoming week. This gives you plenty of time to work with the user to make sure the password is changed with minimal problems. The result is the user continues working uninterrupted and you've eliminated a potential help desk ticket.
There are a few tools that ship with Windows which you can use to identify potential password problems. The venerable Active Directory Users and Computers management console has an easy to use query facility which makes finding users with non-expiring passwords (another potential vulnerability) a snap. If you are using the Microsoft Active Directory provider that ships with Windows Server 2008 R2 or a downlevel domain controller running the Active Directory Web Service, you can take advantage of the new Active Directory Administrative Center. From your Windows 7 desktop you can find users whose password will expire in the next 5 days, or whatever value you need. Of course, since the Administrative Center is built on top of PowerShell you can skip the GUI and go right to the shell. Here, you can accomplish everything you could in the GUI plus you can leverage PowerShell such as creating HTML reports or sending mail messages to your users.
In this article I'll explain how you can track user password expirations in Active Directory with easy to follow examples and a script or two you can use right immediately. You can also watch my video as I demonstrate how you can remotely get a handle on user passwords.
Don't be pestered with password problems. Let me show you how to stay a few steps ahead.
Comments