RE: password expiration notices

  • From: "Michael B. Smith" <michael@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 13 Sep 2005 14:48:21 -0400

This would be easier:




From: Robert Lawson [mailto:rlawson@xxxxxxxx] 
Sent: Tuesday, September 13, 2005 12:34 PM
To: [ExchangeList]
Subject: RE: [exchangelist] password expiration notices



  Our max days is also 90.  I run a dsquery script on Monday to see
whose accounts are going to expire in the next 7 days (actually they are
83 days old).  We email users from this list AND call them.  From the
calls we've found that many users don't log off, thus don't get the
notification.  So we've starting re-education to get users to log off
nightly and restart weekly.  The list has started to shrink over the
weeks.  The query:

dsquery user "OU=start OU,DC=yoursite,DC=ext" -stalepwd 83 -limit 0 |
dsget user -samid -email -empid -display -title -dept -tel -office
-disabled -canchpwd -pwdneverexpires -acctexpires -mustchpwd
  This query includes accounts where "Password never expires" = true,
which really need to be excluded.  I redirect query output to text file,
import into Excel, sort by pwneverexpires, and make the list.  

Thanks, Robert

Robert Lawson
Senior Database Administrator/email administrator
Soka University of America
1 University Drive
Aliso Viejo, CA. 92656
main: 949.480.4000 fax: 949.480.4001
direct: 949.480.4224 rlawson@xxxxxxxx 


From: A. Michael Salim [mailto:msalim@xxxxxxxxxxxx]
Sent: Wed 9/7/2005 2:38 PM
To: [ExchangeList]
Subject: [exchangelist] password expiration notices


On Exchange 2003 / Windows 2003, on one server the password policy is
for 90 days (Domain Controller Security Settings / Account Policies /
Password Policy / Maximum Password Age).

Is there a way to make the system send out advance password expiration
notices so the users have some warning?  Currently the system is not
sending any warnings that the password is about to expire, so users show
up in the morning unable to log in and get pretty annoyed because they
can't even log in to change the password on their own at that point (the
only access they have to the Exchange server for changing passwords is
OWA because this Exchange server is not on a local LAN but across the

Best regards
Mike Salim

List Archives:
Exchange Newsletters:
Visit for more information about our other sites:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: