If your users tend to ignore the systems password change request and implementing tip 559 in a login script doesn't seen to help,
try scheduling it in batch. JSINotify.bat uses JSIExpire.bat (from tip 559) and Showmbrs from
Usage: JSINotify "DomainName" Days <path>\notify.bat
@echo off if %1"" goto syntax if "%2"
"" goto syntax set agea=%2 set /a agen=%agea% if "%agea%""%agen%" goto notify :syntax @echo JSINotify "DomainName" Days <path>\notify.bat goto end :notify if %3
"" goto syntax if not exist %3 goto syntax Set Domain=%1 for /f "Tokens=*" %%i in ('showmbrs "%DOMAIN%\Domain Users"') do (for /f "tokens=1-3" %%j in ('net user "%%i" /domain') do call :xuser %2 %3 "%%i" %%j %%k %%l) REM The above two lines are 1 line goto end :xuser if not "%4""Password" goto end if not "%5"
"expires" goto end if "%6"=="Never" goto end call JSIExpire %3 %1 %2 :end
To schedule the process on your PDC, the Schedule Service must run under a Domain Admin account or have the Scheduler run under the System account and impersonate a Domain Admin for this job, using SU (see Supplement Two):
AT 00:00 /Every:M,T,W,Th,F,S,Su CMD /C "<Path>\JSINotify.bat"
0 comments
Hide comments