Password Expiration Alert

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Is this thing on?? Ok, here goes...

I have two 2003 forests connected by a VPN tunnel with no trusts between
them. One runs an authentication domain for one of my clients and the
other is running Exchange, to which the users in the first domain connect
via RPCoHTTP. (Don't panic, this is only partially an exchange question.)

The issue is that when passwords expire on the domain hosting exchange, the
users in the other domain are never notified. They can get the warning in
OWA, but there is nothing coming through Outlook. The Exchange experts are
telling me that the way to do this is to create a two-way trust between the
domains, but this is not an option for political and security reasons.

I have an asp page that can verify that an account is about to expire and
allow users to change their password if I hand off the username as an input
parameter. I don't really like this though -- I have the usernames
identical between the domains, but there is no way to force this and I don't
like code that can break itself due to sloppy administration.

Are there other options that anyone can think of? I don't often get stumped
without a direction to go, but I am fast getting there.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

On Thu, 13 Jan 2005 16:59:35 -0600, "Ryan Hanisco" <rhanisco@flagshipis.com> wrote:

>Is this thing on?? Ok, here goes...
>
>I have two 2003 forests connected by a VPN tunnel with no trusts between
>them. One runs an authentication domain for one of my clients and the
>other is running Exchange, to which the users in the first domain connect
>via RPCoHTTP. (Don't panic, this is only partially an exchange question.)
>
>The issue is that when passwords expire on the domain hosting exchange, the
>users in the other domain are never notified. They can get the warning in
>OWA, but there is nothing coming through Outlook. The Exchange experts are
>telling me that the way to do this is to create a two-way trust between the
>domains, but this is not an option for political and security reasons.
>
>I have an asp page that can verify that an account is about to expire and
>allow users to change their password if I hand off the username as an input
>parameter. I don't really like this though -- I have the usernames
>identical between the domains, but there is no way to force this and I don't
>like code that can break itself due to sloppy administration.
>
>Are there other options that anyone can think of? I don't often get stumped
>without a direction to go, but I am fast getting there.

have no clue. Have you seen http://support.microsoft.com?kbid=833401



Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Yeah. I have RPCoHTTP working correctly. Its just that it doesn't warn
the client about impending password expiration unless the user logon can be
verified between domains via a two way trust. Its just that that happens to
be something I can't do for political reasons.

--
Ryan Hanisco
MCSE, MCDBA
Flagship Integration Services

"Jerold Schulman" <Jerry@jsiinc.com> wrote in message
news:brlfu014u2o1dms971at1khu4opuvuc7do@4ax.com...
> On Thu, 13 Jan 2005 16:59:35 -0600, "Ryan Hanisco"
<rhanisco@flagshipis.com> wrote:
>
> >Is this thing on?? Ok, here goes...
> >
> >I have two 2003 forests connected by a VPN tunnel with no trusts between
> >them. One runs an authentication domain for one of my clients and the
> >other is running Exchange, to which the users in the first domain connect
> >via RPCoHTTP. (Don't panic, this is only partially an exchange question.)
> >
> >The issue is that when passwords expire on the domain hosting exchange,
the
> >users in the other domain are never notified. They can get the warning
in
> >OWA, but there is nothing coming through Outlook. The Exchange experts
are
> >telling me that the way to do this is to create a two-way trust between
the
> >domains, but this is not an option for political and security reasons.
> >
> >I have an asp page that can verify that an account is about to expire and
> >allow users to change their password if I hand off the username as an
input
> >parameter. I don't really like this though -- I have the usernames
> >identical between the domains, but there is no way to force this and I
don't
> >like code that can break itself due to sloppy administration.
> >
> >Are there other options that anyone can think of? I don't often get
stumped
> >without a direction to go, but I am fast getting there.
>
> have no clue. Have you seen http://support.microsoft.com?kbid=833401
>
>
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com