If you can't afford to loose it back it up.

I don't remember where I found this little adaptation of "If You're Happy and You Know It," but I never forgot it after reading or hearing it for the first time.

Sung to the tune of "If You're Happy and You Know It:"

If you can't afford to loose it back it up!
*clap*clap*clap*
If you can't afford to loose it back it up!
*clap*clap*clap*
If you can't afford to loose it
then there's no way to excuse it.
If you can't afford to loose it back it up!
*clap*clap*clap*

Silly maybe, but also true.

Check status of a user's password

Thanks to PCI requirements we recently formalized the the password aging policy in our Active Directory domain and unchecked the Password does not expire flag on all users accounts. I quickly found that I needed a way other than using Active Directory Users and Computers to check to see if a user's password is expired as users ignored the message to change their password.

I also found it helpful to see when the password was last changed and how long until the password expired. It seems the "Your password will expire in X days..." message was causing the odd issue with Outlook Web Access and Entourage (Mac Exchange Client) and having the user change their password resolved the issues.

So instead of always turning to Active Directory Users and Computers, I turned to scripting. Turns out you need the full LDAP distinguished name of the user in order to query password information. Typing in the full DN is a chore, but a bit of searching turned up a method for finding the a DN using the logon name.

And thus a simple script was born.



Script Username prompt.



Script Output.

Download VB Script Code