Windows domain password expired

Macbook Pro, bound to Windows domain, running 10.7.5
This one user's domain password expired.  Now, she can't log into the Mac with her new password.  That's all.
I'm a Windows admin, but I'm fairly competent in supporting OSX.  I'm hoping there's a very easy fix to sync their current password with the domain controller.  For my first trick, I've tried plugging her into the wired network until the red dot goes away and network accounts are "available".  Didn't work.  Unbind, re-bind to domain didn't help either.  Other AD accounts can log into this Macbook with their current passwords (for example: I haven't logged in in over 90 days, our default password expiration period, and I could get in just fine AND I was prompted to update my keychain password)
Side note:  I was hoping to find the equivalent of a "gpupdate /force" for OSX, but that seems to be hard to find.
What other information is needed?
Thanks!

Hi, did you manage to solve this?
I have a similar issue:
- Suddenly, more than one week ago, I could not unlock my Mac, hence I believed that my domain password had expired
- By using Outlook Web Access I logged in with the old password, which made me realise that the password wasn't expired after all
- I thought it was useful to change the password anyway, and I did that using OWA
- I got back to the Mac and realised that I could not log in with either the old or the new password!
- I force-rebooted the Mac, and now I can log in only with the *old* password, the one that stopped working!
Since then, I need to use the old password on the Mac and the new on all other network resources associated to the domain. All of this happened while in my office, so no networking complications. I have spent time with the Mac still on the same network but the new password never got 'propagated' to it since. 
G.

Similar Messages

  • Can we pass values to Oracle Default window when Password expired?

    We are using our own login form to log in to our Oracle Forms based application. All the passwords are encrypted as per our system design, and hence a password changed outside our application (through SQLPLUS, TOAD, etc.) will block the user from logging in to our system.
    Now we are implementing the password expiration logic through "PROFILES".
    When the user's password has expired and the user tries to log in, Oracle Forms displays its default screen with the below three fields to change the password
    1.Old password
    2.New password
    3.Re enter password
    Since we have implemented our own encryption method, we should not allow the user to enter a new password in Oracle's default window.
    Instead we have to use the new password entered in our application: it will be encrypted and passed directly to Oracle's default window, and the user should be able to click ONLY the "OK" button; the other fields should be disabled.
    In this way we will be able to change the old password with the new encrypted one.
    Is it possible? Is there any alternative to this?

    Hi,
    My requirement is exactly the same as yours, can you please let me know what did you do to overcome the Oracle Forms Default change password screen.
    Regards,
    Praveen

  • What benefits are there to joining a Windows domain?

    My company has one mac user with a Macbook Air, we have a Windows 2008 r2 domain.
    I'm wondering if it is worth joining him to the domain, what benefits are there for a mac user?
    We use Exchange 2007 and change our passwords every 90 days.
    One concern is when the user is out of the office the cached password can become out of sync with the domain password.
    This is an annoyance and can be confusing.
    Any advice would be much appreciated.
    Thanks.

    Greetings.
    I am 1 of 2 Mac users in a company that otherwise is using Windoz. I do not join the domain though, because I really see no reason to. I can get to the printers, to the web, to the Exchange and to the SharePoint. Though mostly I need SVN and cloud services anyway.
    Thus no real reason. Unless there is some specific stuff that is setup on the network that is only available to windows machines authenticated with a certificate and joined to the windows domain, like for instance a split tunnel VPN or something along those lines, there is really no need to be "on the domain" connected to the LAN works just fine if not better.
    HOWEVER
    There is that annoying bit about the passwords.
    Some sysadmins like to setup password expiration, thus forcing us mortals to rotate three (almost identical) passwords every three months. In this case you just need to setup a reminder on your calendar that prompts you a week in advance to change your password.
    How to change your password? You have options:
    OPTION 1
    Now. If your Mac has OS pre Lion (no higher than 10.6) then you have old samba installed by default and that comes with the "smbpasswd" command. To change the password just open the mighty mac terminal and type:
    smbpasswd -r YOUR_WINDOWS_DOMAIN_CONTROLLER_IP -U username
    Then the output will be something like this:
    Old SMB password: ********
    New SMB password: *********
    Retype new SMB password: *********
    Password changed for user username
    Of course, replace the YOUR_WINDOWS_DOMAIN_CONTROLLER_IP with the IP of your domain controller. Do not know your domain controller IP? run Google "net lookup master" command. I think older macs have it. (not sure)
    If you are running Lion, you do not have the smbpasswd command. I think Apple either wrote their own implementation of samba or just use some stripped down version of it, not sure. It has to do with some dreary and boring licensing thing.
    You can either install samba yourself from sources... Thus if you are brave and adventurous here is a walk through http://forums.sonos.com/showthread.php?t=24022 or you can use option two:
    OPTION 2
    If your company has not gone to the cloud hosting and still use the old-school home grown Exchange hosted in the broom closet, you might have a web version of the M$ Exchange running. The URLs usually something like: https://owa.yourcompanyname.com. If you have that then the sysadmins may have the password change feature enabled there. Login to your web interface for Outlook (OWA), In the top right corner choose the "Change Password" feature and use it.
    If this is not an option because either your sysadmin is not running OWA or the password change feature is not enabled, you still have options.
    OPTION 3:
    If you are working for a company that loves Windows and their products you might have an M$ Office installed on your Mac. Thus you might have the Remote Desktop Connection (RDC) utility. If not you can download it here: http://www.microsoft.com/mac/remote-desktop-client. Then remote desktop to a machine in your office and you will get to its login screen where you can change the windows domain password. (This requires a machine to which you can remote desktop)
    OPTION 4:
    Walk up to any Windowz box that no one is using, CTRL + ALT + DEL one time and this will give you the login screen, you can change password from there.
    OPTION 5:
    Ask your sysadmin to setup your password to never expire, or add the policy for your user so that you can change it in OWA (see option 2)

  • Domain Password Changes - Bad User Experience

    I just want to say this is ridiculous and annoying. I use my iPhone at work and every time my domain password expires and I need to change it, it causes all sorts of issues with my iPhone. It asks me to update the password so I do, then it asks me again and again. I sat through it all just to see how many times it would ask: 7 times. In the past I had to wipe my mail settings (MS Exchange) and WiFi settings and re-enter them (or it seems enter my details 7 times).
    This to me is a really bad experience. I should only need to enter these details once; it should be smart enough to realize that I use the same domain credentials for multiple features (WiFi, proxy, mail) and update them.
    Who thinks we should only need to update these details once?

    I wouldn't call that ridiculous. Just good practice. I could understand needing to enter it up to 2 times, but 7, what's the go there? I say 2 because there are 2 different sections that use it. First the WiFi/Proxy, and second the Exchange server Mail Account.
    So I'd be happy if it asked me once for the wifi/proxy when I tried to access it and another time for the mail when I try to access it. But when I try to access something like the app store that's when it just constantly asks me.
    Can you explain why I must be prompted 7 times? What's the problem with using the same domain credentials for your mail and wifi? In most cases they will be the same.

  • Windows 8 Problems changing an AD domain password

    Hi, I have a problem with Windows 8 computers changing passwords on a Domain.
    I have several Windows 8 clients that, when their passwords have expired, are unable to change them and I am having to reset them on a domain controller.
    If users change their passwords before they expire by either using control-alt-del or clicking the notification bubble then it works fine and they can change their passwords without a problem.
    We have a Domain with a mixture of 2003 and 2008 domain controllers running at 2003 domain functional level
    However, if they leave it until their passwords expire and try to log in they are prompted as expected to change their passwords so they click yes and they enter the info:
    Old Password
    New Password
    Confirm New Password
    They then get the error "your password has expired" and this error repeats in a circle until I change their passwords on a DC. This behavior also occurs if I check the box for 'User must change their password at next log on'
    This as far as I can see is affecting all Windows 8 users; all Windows 7 users are working fine and everything works as expected. From what I can make out it's a problem with authentication, as you are able to change the password once the computer has logged in using a valid password.
    Any ideas?
    Thanks.

    I am getting the same issue. If you found how to fix it can you share please?

  • Capturing the Message on the Login Page (Invalid user/password expired etc.

    Hi, I have a requirement for capturing the error message on the Login page if the User's Account is expired or Account is Disabled or Invalid credentials, Password Lockout etc.
    I am using the attached login page. Can any one please help me out on this.
    <html><head><title>AARPLogin Page</title>
    <script type="text/javascript" language="JavaScript" xml:space="preserve">
    // This function is called automatically for browser detection
    var isNav4 = false;
    var isIE4 = false;
    var isNS6 = false;
    function obDetectBrowser()
    {
        if ( navigator.appVersion.charAt( 0 ) == "4" )
        {
            if ( navigator.appName == "Netscape" )
            {
                isNav4 = true;
            } else {
                isIE4 = true;
            }
        }
        else
        {
            if ( navigator.appVersion.charAt( 0 ) >= 5 )
            {
                if ( navigator.appName == "Netscape" )
                {
                    isNS6 = true;
                }
            }
        }
    }
    obDetectBrowser ();
    var HOSTNAME = "";  // value missing from the original post
    var COOKIE_OBREQUESTEDURL = "OBREQUESTEDURL";
    var COOKIE_OBFORMLOGINCOOKIE = "ObFormLoginCookie";
    var NCID_LANDING_PAGE_URL = "/landing/";
    var QS_REDIR = "ReDir";
    var keyChooser;
    // Submit the form when Enter is pressed in the password field
    function checkPasswordEnterKey( event )
    {
        var form = document.forms[0];
        if (isNav4 || isNS6) {
            keyChooser = event.which ;
        } else if (isIE4) {
            keyChooser = window.event.keyCode;
        }
        if (keyChooser == 13) {
            if (
                form.userid.value
                && form.userid.value != ""
                && form.password
                && form.password.value != ""
            )
            {
                form.submit();
                return true;
            }
            else
            {
                alert('Please enter a UserId and Password');
                return false;
            }
        }
    }
    function showHidePanel( panelID, displayValue )
    {
        var panelElement = document.getElementById( panelID );
        if ( displayValue == 'show' )
        {
            panelElement.style.display = 'block';
        }
        else
        {
            panelElement.style.display = 'none';
        }
    }
    // Return the value of one query-string parameter, or "" if it is absent
    function getQueryVariable( variable )
    {
        var query = window.location.search.substring( 1 );
        var vars = query.split( "&" );
        for ( var i=0; i < vars.length; i++)
        {
            var pair = vars[ i ].split( "=" );
            if ( pair[ 0 ] == variable )
            {
                return unescape( pair[ 1 ] );
            }
        }
        return "";
    }
    function Get_Cookie( name )
    {
        var nameEQ = name + "=";
        var ca = document.cookie.split( ';' );
        for( var i=0; i < ca.length; i++ )
        {
            var c = ca[ i ];
            while ( c.charAt( 0 )==' ' )
            {
                c = c.substring( 1, c.length );
            }
            if ( c.indexOf( nameEQ ) == 0 )
            {
                return c.substring( nameEQ.length, c.length );
            }
        }
        return null;
    }
    function Set_Cookie( name, value, expires, path, domain, secure)
    {
        document.cookie = name + "=" + escape( value ) +
            ( ( expires ) ? ";expires=" + expires.toGMTString() : "" ) +
            ( ( path ) ? ";path=" + path : "" ) +
            ( ( domain ) ? ";domain=" + domain : "" ) +
            ( ( secure ) ? ";secure" : "" );
    }
    function Delete_Cookie( name, path, domain )
    {
        if ( Get_Cookie( name ) )
        {
            document.cookie = name + "=" +
                ( (path) ? ";path=" + path : "" ) +
                ( (domain) ? ";domain=" + domain : "" ) +
                ";expires=Thu, 01-Jan-1970 00:00:01 GMT";
        }
    }
    function lostPassword()
    {
        var CurrentLogin = document.forms[0].userid.value;
        if ( CurrentLogin == "" ) {
            alert ( "Please enter your eMail Address." );
            document.forms[0].userid.focus();
        }
        else {
            Set_Cookie( COOKIE_OBFORMLOGINCOOKIE, "done", 0, "/" );
            var LOST_PWD_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=passwordChallengeResponse&login="+CurrentLogin+"&backUrl=http://oradev2.na.aarp.int/login/login.html&target=top";
            window.location = LOST_PWD_PAGE;
        }
    }
    function emailPassword()
    {
        document.passform.submit();
    }
    // Act on the MSG code passed back to the login page in the query string
    function onLoad()
    {
        if (getQueryVariable( "MSG" ) == 'LOGIN_FAILED' )
        {
            alert ("Login Failed, Please try again");
        }
        else if (getQueryVariable( "MSG" ) == 'PWD_EXP' )
        {
            alert ("Your Password Is About to Expire. Please Change it at your earliest convenience.");
            var pwdExpUID = getQueryVariable( "login" );
            var hostTarget = getQueryVariable( "hostTarget" );
            var resURL = getQueryVariable( "resURL" );
            var PWD_EXP_PAGE = "/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+pwdExpUID+"&backURL="+hostTarget+resURL+"&target=top";
            window.location = PWD_EXP_PAGE;
        }
        else if (getQueryVariable( "MSG" ) == 'CHGPWD' )
        {
            alert ("You are required to change your password.");
            var chgPwdUID = getQueryVariable( "login" );
            var hostTarget = getQueryVariable( "hostTarget" );
            var resURL = getQueryVariable( "resURL" );
            var CHG_PWD_PAGE = "http://"+HOSTNAME+"/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd&login="+chgPwdUID+"&backURL="+hostTarget+resURL+"&target=top";
            window.location = CHG_PWD_PAGE;
        }
    }
    </script></head><body onload="onLoad();document.login.userid.focus();" alink="blue" bgcolor="#ffffff" link="blue" vlink="blue">
    <p align="center">
    <img alt="AARP Header Logo" src="login_files/aarpLogo.gif" border="0" height="91" width="219">
    <br>
    </p><form name="login" method="post" action="/access/oblix/apps/webgate/bin/webgate.so">
    <div class="boldText" align="center">
    <h2>Login</h2>
    <div class="boldText" align="left">
    <div id="LoginFailed" style="display: none;">
    <table align="center" bgcolor="#ff0000" border="0" cellpadding="2" cellspacing="0" width="500">
    <tbody><tr>
    <td>
    <table bgcolor="#e5e5e5" border="0" cellpadding="5" cellspacing="0" width="100%">
    <tbody><tr bgcolor="#ffffff">
    <td rowspan="3" height="40" nowrap="nowrap" valign="top">
    <img src="login_files/error.gif" name="error" height="20" width="20">
    </td>
    <td rowspan="3" align="center">
    <p>
    <font color="#ff0000" size="-1">
    <b>
    <div id="TryAgain" style="display: none;">Login Failed! Invalid UserID and/or Password, Please try again.<br></div>
    <div id="AccountLocked" style="display: none;">Your Account has been Locked!</div>
    </b>
    </font>
    </p>
    <p>
    <font color="#ff0000">
    <b>For
    assistance call E-Services Help Line at (XXX) XXX-XXXX Monday through
    Friday between the hours of 8:00 am and 5:00 pm eastern standard time.</b>
    </font>
    </p>
    </td>
    </tr>
    <tr bgcolor="#ffffff">
    </tr><tr bgcolor="#e5e5e5">
    </tr></tbody></table>
    </td>
    </tr>
    </tbody></table>
    </div>
    <br>
    </div>
    <table border="0" cellpadding="0" cellspacing="0" width="500">
    <tbody><tr>
    <td background="login_files/border_upper_left.gif" height="20" nowrap="nowrap" width="20"> </td>
    <td background="login_files/border_top.gif" height="20" nowrap="nowrap"> </td>
    <td background="login_files/border_upper_right.gif" height="20" nowrap="nowrap" width="20"> </td>
    </tr>
    <tr>
    <td background="login_files/border_left.gif" nowrap="nowrap" width="20"> </td>
    <td>
    <table bgcolor="#ebebce" border="0" cellpadding="2" cellspacing="0" height="100%" width="100%">
    <tbody><tr>
    <td colspan="3" align="center">
    <font color="darkred" face="Arial" size="3">
    <b>
    </b></font>
    <b> </b></td>
    </tr>
    <tr valign="bottom">
    <td colspan="3" width="100%">
    <table bgcolor="#ebebce" border="0" cellpadding="5" cellspacing="0" width="100%">
    <tbody><tr bgcolor="#e5e5e5">
    <td rowspan="2" bgcolor="#ebebce" height="20" nowrap="nowrap" valign="top" width="4%">
    <font color="#000000">
    <span class="text">
    <img src="login_files/arrow.gif" align="top" height="20" width="20">
    </span>
    </font>
    <font color="#000000"> </font>
    </td>
    <td rowspan="2" bgcolor="#ebebce" width="96%">
    <font color="#000000" size="-1">
    <span class="text">Please enter your Email and Password. If you are a new user to AARP, please select First Time AARP User.
    </span>
    </font>
    </td>
    </tr>
    <tr bgcolor="#e5e5e5">
    </tr></tbody></table>
    </td>
    </tr>
    <tr valign="bottom">
    <td colspan="3">
    <table align="center" border="0" width="349">
    <tbody><tr>
    <td nowrap="nowrap" width="74">
    <font color="#000000" size="-1">
    <div align="left">eMail:</div>
    </font>
    </td>
    <td width="265">
    <input name="userid" value="" size="32" maxlength="32" tabindex="2" type="text">
    </td>
    </tr>
    <tr>
    <td>
    <font color="#000000" size="-1">
    <div align="left">Password:</div>
    </font>
    </td>
    <td>
    <p>
    <font color="#000000" size="-1">
    <input name="password" size="32" maxlength="32" length="30" tabindex="3" type="password">
    </font>
    </p>
    </td>
    </tr>
    </tbody></table>
    </td>
    </tr>
    <tr>
    <td>
    <font color="#000000" size="-1">
    <p align="center"><b>Forgot Your Password?</b></p>
    </font>
    </td></tr>
    <tr>
    <td align="center"> <font color="#000000" size="-1"><!--
    Reset Password      
    -->
    Email New Password
    </font>
    </td></tr>
    <tr>
    <td colspan="4">
    <div class="boldText" align="center">
    <br>
    <input src="login_files/button_login.gif" name="Submit" value="" alt="login" type="image">
    <!--
    <b class="boldText"><img src="../images/button_login.gif" width="68" height="25" name="img_login" border="0" alt="login"/></b>
    --> <b class="boldText"><img src="login_files/button_clear.gif" name="img_clear" alt="clear" border="0" height="25" width="68"></b>
    <b class="boldText"><img src="login_files/button_help.gif" name="img_help" alt="help" border="0" height="25" width="68"></b>
    <b class="boldText"><img src="login_files/button_cancel.gif" name="img_cancel" alt="cancel" border="0" height="25" width="68"></b>
    </div>
    </td>
    </tr>
    </tbody></table>
    </td>
    <td background="login_files/border_right.gif" nowrap="nowrap" width="20"> </td>
    </tr>
    <tr>
    <td background="login_files/border_lower_left.gif" height="20" nowrap="nowrap" width="20"> </td>
    <td background="login_files/border_bottom.gif" height="20" nowrap="nowrap"> </td>
    <td background="login_files/border_lower_right.gif" height="20" nowrap="nowrap" width="20"> </td>
    </tr>
    </tbody></table>
    <p></p>
    <span class="text"><br><br><b>NOTICE:
    This system is the property of AARP and is for authorized use only.
    Unauthorized access is a violation of federal and state law. All
    software, data transactions, and electronic communications are subject
    to monitoring.</b></span>
    <div id="hr" style="position: absolute; width: 100%; height: 10px; z-index: 90; top: 657px; left: 10px;">
    <hr>
    </div>
    <div id="footer" style="position: absolute; width: 700px; height: 55px; z-index: 115; top: 678px; left: 50px;">
    <span class="subhead">
    Privacy Policy
    Disclaimer
    Contact Us
    </span>
    <span class="bodytext">
    </span></div>
    <form name="passform" action="http://oradev2.na.aarp.int/wampassword/passwordReset.html" method="post">
    <input name="login" value="" type="hidden">
    <input name="backUrl" value="http://oradev2.na.aarp.int/login/login.html" type="hidden">
    </form>
    <script type="text/javascript" language="JavaScript" xml:space="preserve">
    var undefined;
    if (
        document.login
        && document.login.password
    )
    {
        // body missing from the original post
    }
    function clearForm()
    {
        document.login.reset();
    }
    function navigate( linkName )
    {
        if ( 'login' == linkName )
        {
            if ( document.accountLogin.userID.value != '' && document.login.password.value != '' )
            {
                alert('Please click the Account Registration Setup link for now');
                //document.location = 'userDataPersonal.htm';
            }
            else
            {
                alert('Please enter a UserId and Password');
            }
        }
    }
    function openHelp()
    {
        helpDoc = window.open( "http://www.aarp.org", "", "scrollbars=yes,resizable=yes,width=500,height=300" );
    }
    function cancel()
    {
        // open dialog
        var initX = parseInt( window.screenX ) + parseInt( window.outerWidth ) / 2 - 100;
        var initY = parseInt( window.screenY ) + parseInt( window.outerHeight ) / 2 - 50;
        cancelDialog = window.open( "./cancelDialog.html", " cancelDialog", "resizable=yes,toolbar=no,menubar=no,width=200,height=150,screenX=" + initX +",screenY=" + initY );
    }
    </script>
    </div></form></body>
    </html>
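The posted onLoad() copies the login, hostTarget and resURL query parameters straight into the change-password redirect and never shows the TryAgain or AccountLocked panels. The following is an added example, not the poster's code or the product's: it maps the MSG code to a panel and builds the redirect from validated values. ACCT_LOCKED and the allowed host list are assumptions made for illustration.

```javascript
// Added example. LOGIN_FAILED, PWD_EXP and CHGPWD are the MSG codes handled
// in the posted page; ACCT_LOCKED is a hypothetical code for the page's
// "AccountLocked" panel, which the post never wires up.
const LOGIN_MESSAGES = {
  LOGIN_FAILED: { panel: 'TryAgain', changePassword: false },
  ACCT_LOCKED: { panel: 'AccountLocked', changePassword: false },
  PWD_EXP: { panel: null, changePassword: true },
  CHGPWD: { panel: null, changePassword: true },
};

// Constructed value: origins the site itself serves. The first is the default.
const ALLOWED_HOST_TARGETS = ['https://portal.example.test'];

// Path taken from the posted page.
const CHANGE_PWD_CGI = '/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi';

// hostTarget must match a known origin exactly; anything else gets the default.
function safeHostTarget(value) {
  return ALLOWED_HOST_TARGETS.includes(value) ? value : ALLOWED_HOST_TARGETS[0];
}

// resURL must be a plain absolute path: no "//host", backslashes or control
// characters that a browser could read as a different origin.
function safeResourcePath(value) {
  if (typeof value !== 'string') return '/';
  if (!value.startsWith('/') || value.startsWith('//')) return '/';
  if (/[\\\u0000-\u001f]/.test(value)) return '/';
  return value;
}

// Pure function: takes location.search, returns what the page should do.
function resolveLoginState(search) {
  const params = new URLSearchParams(search);
  const code = params.get('MSG');
  // hasOwnProperty keeps inherited keys such as "constructor" from matching.
  const known = Object.prototype.hasOwnProperty.call(LOGIN_MESSAGES, code);
  if (!known) return { code: null, panel: null, redirect: null };

  const entry = LOGIN_MESSAGES[code];
  if (!entry.changePassword) {
    return { code: code, panel: entry.panel, redirect: null };
  }

  const backURL =
    safeHostTarget(params.get('hostTarget')) +
    safeResourcePath(params.get('resURL'));
  // URLSearchParams percent-encodes every value, so the login name cannot
  // add or override parameters in the redirect.
  const query = new URLSearchParams({
    program: 'redirectforchangepwd',
    login: params.get('login') || '',
    backURL: backURL,
    target: 'top',
  });
  return {
    code: code,
    panel: null,
    redirect: CHANGE_PWD_CGI + '?' + query.toString(),
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', function () {
    const state = resolveLoginState(window.location.search);
    if (state.panel) {
      // TryAgain and AccountLocked sit inside the LoginFailed container.
      document.getElementById('LoginFailed').style.display = 'block';
      document.getElementById(state.panel).style.display = 'block';
    } else if (state.redirect) {
      window.location.assign(state.redirect);
    }
  });
}
```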

    Is it not possible that someone fired the password expiration cmd ?
    SQL> select limit
      2  from   dba_profiles
      3  where  profile='DEFAULT'
      4  and resource_name='PASSWORD_LIFE_TIME';
    LIMIT
    UNLIMITED
    SQL> select profile from dba_users where username='MYUSER';
    PROFILE
    DEFAULT
    SQL> conn myuser/myuser
    Connected.
    SQL> conn / as sysdba
    Connected.
    SQL> alter user myuser password expire;
    User altered.
    SQL> conn myuser/myuser
    ERROR:
    ORA-28001: the password has expired
    Changing password for myuser
    New password:
    Password unchanged
    Warning: You are no longer connected to ORACLE.
    SQL> conn / as sysdba
    Connected.
    SQL> select name, astatus, TO_CHAR(ctime,'DD-MM-YYYY HH:MI') CTIME, TO_CHAR(ptime,'DD-MM-YYYY HH:MI') PTIME, TO_CHAR(EXPTIME,'DD-MM-YYYY HH:MI') EXPIRE
      2  from sys.user$ where name ='MYUSER';
    NAME
       ASTATUS CTIME
    PTIME
    EXPIRE
    MYUSER
             1 23-11-2011 11:15
    23-11-2011 11:15
    23-11-2011 11:17
    SQL>
    Nicolas.

  • Android, Ipad authentication under windows domain environment

    I’m really confused about the best practice to set up these devices in a 802.1x and Windows Domain network using ISE.
    I had seen the Ipad download the ISE certificate the very first time the device is connected to the SSID. In Android device (Galaxy phone) I don’t see the device download certificate.
    Testing with the Android device I was able to install the root CA certificate (not an easy procedure), then when the SSID is configured in the device I have the option to choose the root CA certificate.
    Now if I don’t include the certificate in the SSID configuration, the device is able to connect with an Identity and Password only. If I include the certificate in the SSID configuration, the device asks for the certificate storage password if the option to use secure credentials is not enabled before.
    How can I validate through the ISE that the android device is using the certificate? Is it possible to set a rule in the ISE denying access if the device does not validate the certificate? I think EAP necessarily uses certificates, but the Android device does not show anything.
    I had read about provisioning and profiling the Android devices. I think the Network Setup Assistant available through Google Play is an easy procedure to install the root CA certificate. Am I Right?
    The customer said it appears the certificate is being used to encrypt the username and password, not to do the authentication itself. Reading about EAP functionality I believe it is right, I understand the EAP-MSCHAP actually creates a tunnel to pass through the username and password. Right?
    As the Ipad and Android devices are not in the windows domain, what should be expected when the password is expired? Customer Policy indicates users must change domain passwords every four months. On a Windows PC users receive warnings some days before the expiration but it appears nothing happens on non-domain devices. A co-worker told me the easy way is that when this happens the user should remove the SSID in the device and create it again. The customer does not like this behavior, so what should be a best practice workaround?
    I hope you can help me to clarify my doubts.
    Regards.
    Daniel Escalante

    For Client Provisioning for Android you can refer to these guides:
    http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_ISE.html#wp1024291
    http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html#anc10

  • I'm not getting AD password expiration notices in Leopard

    Is anyone else having problems getting AD password expiration notices in AD environments on Leopard Macs? It used to work for me in Tiger, but I'm not getting the warnings when I log into Leopard Macs. Entourage warns me, but the Login window isn't prompting me with the expected "Your password will expire in xxx days." All my Macs are running 10.5.2 in a simple AD 2003 domain.

    I have a few 10.4.11 Tiger Macs and they DO work as expected - I get Active Directory password expiration notices at the Login window of my Tiger clients.
    Notes:
    Most of my users are local admins (don't ask why - long story)
    All of my users have managed mobile user accounts for offline access (laptop users etc)
    All my Macs are running 10.5.2. None of them can get AD password notices at the login window.
    All my Macs are bound to a simple AD 2003 domain. No big forest. 1 single domain.
    When I log into my AD domain from a Mac, I get a TGT from the KDC (which is an Active Directory domain controller) as expected. Thus, Kerberos appears to be working.
    DNS works fine (forward and reverse lookups are resolving as expected)
    It used to work for me back in Tiger, but I'm not getting the warnings when I log into my Leopard Macs. Entourage 2004 and 2008 warn me about password expiration, but the OS X Login window isn't prompting me with the expected "Your password will expire in xxx days."
    Message was edited by: Daniel Stranathan

  • Join to Windows domain, what are the benefits?

    Hi there,
    I know it's a strange question but can you answer it?
    If I join my Mac to a Windows domain, what benefits do I get as a system administrator? Is Windows server policy deployed on the Mac (password policy and so on)?
    Also, if a network user (from the Windows server) logs in to the Mac, what do I get apart from the home folder?
    Thanks for help

    If I join my Mac to a Windows domain, what benefits do I get as a system administrator? Is Windows server policy deployed on the Mac (password policy and so on)?
    You're right - if you authenticate against the Windows domain, then all the Windows policies are in effect - expiration, password restrictions, auditing, etc.
    Also, if a network user (from the Windows server) logs in to the Mac, what do I get apart from the home folder?
    I'm not sure what you mean by this.

  • Password expiring notification

    Hello everybody. I'm developing a control which warns a user logging in to a web application about when his password (stored in an active directory server) is going to expire. I've found in this forum plenty of information to write this control and it's almost done but I still have a doubt: is there an A.D. attribute which says how many days before the password expiration the warning must be sent?
    I think not because, as far as I know, this is a kind of domain protection constraint which is not directly related to Active Directory and I didn't find any examples or documentation about such an attribute, but I can't really claim to be an expert in Active Directory architecture or Windows management so I think it's better to ask before setting an application parameter :)
    I'm accessing an Active Directory server on a Windows 2003 SP2 computer via an application developed in Java 1.5 under Tomcat 5.5.
    Thanks for any help, take care!
    Massimo Campodonico

    I'm assuming you've discovered the post titled "JNDI, Active Directory and User Account status (account expired, locked)" available at http://forum.java.sun.com/thread.jspa?threadID=716240&tstart=0 that describes account & password expiry etc.
    I think what you are trying to determine (or mimic) is the password reminder interval. Refer to the Microsoft KB article at http://support.microsoft.com/kb/135403 which describes how the password reminder interval is determined. With Windows 2000 (and beyond), this is configured by group policy, which ultimately configures the registry setting HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\passwordexpirywarning
    Good luck.

  • Leopard: AD Plugin Doesn't Warn Me When My AD Password Expires?

    I just noticed that my Windows PC is informing me that my AD password will expire in days. However, My Leopard Mac which is also bound to the same AD domain is not giving me the password expiration warning. I know that the AD plugin in Tiger (10.4.x) used to warn me about upcoming password change policies etc, but 10.5.1 is not.
    Has anyone noticed this behavior?
    Also - has anyone had any luck changing their AD password from a 10.5 client using the Accounts Preference Pane? I remember that Tiger was a little buggy sometimes...

    Thanks Strontium90!
    Turns out that is exactly what happened.  I am testing the adpassmon utility now...  very cool! I like how it allows you to change your password.
    I have had quite a few occasions where users change their passwords at login when their AD password expires... which knocks their keychain out of sync. This tool may just be the ticket.
    Once again, many thanks!
    Ray

  • How can I display the password expiration date for a user

    I have created a GUI (using PrimalForms) which runs PowerShell scripts to pull information like user ID, email address, last logon etc. for the helpdesk to help establish the validity of some user claims of "it worked yesterday" and the like.
    I have been asked to add the password expiration date, but I am struggling to get the code for this addition.
    Does anyone know how I can include this, and have it in a human readable format?
    The current scripts (there are 3) allow the helpdesk staff to search on user ID and display name, the third provides the last logon, it was impossible to include this in the other scripts so I added an extra search button and called it good. An example of these scripts is below (please note, PrimalForms needs a slightly different syntax in order to get the results displayed, but the core script is standard PS, I use Powershell 3.0)
    $results.Text=Get-ADUser -Filter "sAMAccountName -eq '$($EntryBox.text)'" -Properties DisplayName, sAMAccountName, mail, extensionattribute5, PasswordLastSet, PasswordExpired, PasswordNeverExpires, buMemberOf, telephoneNumber, msExchOmaAdminWirelessEnable, whenCreated, whenChanged, enabled, AccountExpirationDate | select givenName, surname, DisplayName, sAMAccountName, mail, extensionattribute5, PasswordLastSet, PasswordExpired, PasswordNeverExpires, buMemberOf, telephoneNumber, msExchOmaAdminWirelessEnable, whenCreated, whenChanged, enabled, AccountExpirationDate | Out-String
    $results.Focus()
    for info:
    $results.text is the window in the GUI results are displayed  in
    $entrybox.text is the text box the helpdesk staff use to input the user ID or display name of the account they are querying
    $results.focus simply tells the script to put the results in the results.text window
    The screenshot below shows the current setup, this is purely to put the above information into perspective. Obviously some of the information displayed has been removed/redacted along with our logo.

    Hi,
    Here's an example you can build from:
    $maxPasswordAge = 120
    Get-ADUser USER -Properties PasswordLastSet |
    Select SamAccountName,
    PasswordLastSet,
    @{N='PasswordLifeRemaining';E={$maxPasswordAge - ((Get-Date) - $_.PasswordLastSet).Days}},
    @{N='PasswordExpirationDate';E={(Get-Date $_.PasswordLastSet).AddDays($maxPasswordAge)}}
    Don't retire TechNet! -
    (Don't give up yet - 13,085+ strong and growing)
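
An added example (not from either poster) that reads the expiry from the domain instead of hard-coding $maxPasswordAge: the constructed attribute msDS-UserPasswordExpiryTimeComputed, available from domain controllers running Windows Server 2008 or later, already reflects fine-grained password policies and the never-expires flag. The function names and the 14-day $WarnDays default are assumptions; the sample values at the end are constructed.

```powershell
# Added example, not code from the thread.

function ConvertTo-PasswordExpiry {
    # Interprets a raw msDS-UserPasswordExpiryTimeComputed value (a FILETIME).
    param(
        $RawValue,
        [int] $WarnDays = 14,            # assumption: help desk warning threshold
        [datetime] $Now = (Get-Date)
    )
    $expires = $null
    $days = $null
    if ($null -eq $RawValue) {
        $status = 'Unknown'                  # attribute not returned by the DC
    } elseif ($RawValue -eq 0) {
        $status = 'MustChangeAtNextLogon'    # pwdLastSet is 0
    } elseif ($RawValue -eq [Int64]::MaxValue) {
        $status = 'NeverExpires'             # FromFileTime would throw on this value
    } else {
        $expires = [datetime]::FromFileTime([Int64]$RawValue)   # local time
        $days = [math]::Floor(($expires - $Now).TotalDays)
        $status = if ($days -lt 0) { 'Expired' }
                  elseif ($days -le $WarnDays) { 'ExpiringSoon' }
                  else { 'OK' }
    }
    [pscustomobject]@{ Status = $status; Expires = $expires; DaysRemaining = $days }
}

function Get-PasswordExpiry {
    # Needs the ActiveDirectory module (RSAT) and a reachable domain controller.
    param([Parameter(Mandatory)] [string] $SamAccountName, [int] $WarnDays = 14)
    # -Identity matches one account exactly; the typed text is not parsed as a filter.
    $user = Get-ADUser -Identity $SamAccountName `
        -Properties 'msDS-UserPasswordExpiryTimeComputed' -ErrorAction Stop
    $raw = $user.'msDS-UserPasswordExpiryTimeComputed'
    ConvertTo-PasswordExpiry -RawValue $raw -WarnDays $WarnDays |
        Add-Member -NotePropertyName SamAccountName `
            -NotePropertyValue $user.SamAccountName -PassThru
}

# Offline check with constructed values: an expiry 10 days out, then the
# three special cases (must change, never expires, attribute missing).
$now = Get-Date
$samples = @($now.AddDays(10).ToFileTime(), 0, [Int64]::MaxValue, $null)
foreach ($s in $samples) { ConvertTo-PasswordExpiry -RawValue $s -Now $now }

# In the GUI from the question, the result could be shown with:
# $results.Text = Get-PasswordExpiry -SamAccountName $EntryBox.Text | Format-List | Out-String
```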

  • Password Expire argument while creating a new user

    When I create a user using the script:
    create user xxxx identified by yyy
    default tablespace -----
    temporary tablespace ----
    quota ---
    password expire;
    When the user logs on for the first time, Oracle throws an
    ORA-00988 error:
    missing or invalid password...
    My question is?
    On a UNIX system (I'm running on Windows 2000 Professional)
    do you get the same error? Is this a misleading error message?
    Has anyone else seen this error message?
    Thank you in advance
    Mike Parish
    Toronto, Canada

    I found the answer:
    You must log in to SQL*Plus and type: alter user OWBSYS identified by password. The password is up to you, whatever you want to name it.
    Mehdi

  • Leap and windows domain logon

    I'm doing some tests with an Air 1200 and some 352 PC cards for one of our customers.
    With ACU ver. 4.25.23, I enabled LEAP authentication using the Windows user name and password.
    LEAP authentication is successful, while Windows domain logon is not.
    Needless to say, using a "normal" NIC the logon succeeds.
    Sniffing the packets that come out of the AP, it seems the domain logon happens... I see the requests/answers between my client and the domain controller...
    However, after canceling the Windows domain logon I have normal connectivity with the entire network.
    Has anyone experienced that? Any help will be greatly appreciated.
    Antonio Tassone

    Sure.
    My attempts to log on to a Windows domain using the same user/password for LEAP authentication and Windows logon were unsuccessful (either using Win9x or Win NT/2000 on the client); indeed the login dialog box was stuck in something like "searching primary domain controller" or similar (I'm sorry but it was some months ago).
    Looking at the RADIUS server log, I found an error like " xxxxx DLL rejected".
    Searching the Cisco web site and the forums for that error, I read the advice to make the authentication services on the NT server run with the privileges of one of the Windows Domain Administrator accounts.
    Following that advice, and with some other tweaking explained in the document I read, I reached my goal.
    I regret I can't be more precise.
    Regards.

  • Configure Windows Domain Logon on Airport Express

    The question is... How can I configure Windows Domain Logon data on an Airport Express so it connects automatically without asking each of my other devices for login credentials?
    I use my Airport Express at work connecting it through ethernet, and the network uses Windows Domain credentials to login, that is user, password and domain server. I have all data needed, this is, static IP, Gateway, DNS, user, password, etc., but I haven't found how to do this inside the Airport Express so I configure just one device instead of 3 or more.
    I have tried configuring the Airport Express as PPPoE, but that's not the solution for this problem.
    Thanks in advance for the answer.

    Your wireless Netgear router and AirPort Express Base Station (AX) are pretty much useless if you don't have wireless capability for your Dell desktop. The AX uses AirTunes to receive, wirelessly, iTunes from your desktop.
    Just add a wireless card to your Dell and you should be in good shape. In fact, once you go wireless, you can return the Netgear router as your AX will provide Internet connectivity, stream iTunes, and share a USB printer.
