Announcement

Collapse
No announcement yet.

Expired passwords, etc

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Expired passwords, etc

    hello,
    we are on Hyena 8.6E:
    I am trying to query accts that have passwords either expired or about to expire so I can pro-actively disable these accounts if the employees are no longer with company. However, Hyena gives me contradicting information:
    Password Expired (but Security tab shows 'When changed' date 10/18/2011) as well as Last logon
    06/25/2010......

    Am I misreading these queries, etc.?

    I review AD monthly and need to know within a few clicks if we have accounts whose pw have expired or are about to expire. I shouldn't have to go into each account to make that determination but should see in a query.

    thank you
    Tags: None
  • #2
    Re: Expired passwords, etc

    I'm not sure I follow your example of incorrect data, but one idea for a fast way to determine this information would be to right-click on the All Users folder and choose Query Active Directory->Users(Detailed - General). Then find the Pwd Last Set column and sort on it.

    Comment

    • #3
      Re: Expired passwords, etc

      thank you for the quick response. However, I ran the fresh query like you suggested but Hyena still returns the following:
      - Pwd last set 04/26/2011

      when I double-click to view user properties on same user:
      - Security tab 'When Changed' returns 10/18/2011
      - information window shows:
      password expired
      Last logon 10/26/2010
      Pwd Change 202 days, 4 hours ago.

      Comment

      • #4
        Re: Expired passwords, etc

        The date shown in Pwd Last Set is coming from Active Directory.

        When Changed is updated in Windows for various reasons other than just password change, so it's possible that something else was done to the account since the last password change.

        Password Expired would seem to be correct if your domain policy is anything shorter than 7 months.

        The only one that could be incorrect is the Last Logon information. The reason is that field is stored locally on each domain controller, and will be different depending on which controller is answering the request from Hyena. When reporting Last Logon for a single user you can right-click on that account and choose View Logon Information and then click the Check All Domain Controllers button. To report that for multiple users you can user Exporter Pro which has an option to check all domain controllers.

        Comment

        Previous template Next
        Working...
        X