Expiring Passwords Bane [EN]

Issues with expired Windows (AD) passwords have always been a bane of system administrators and helpdesk operators. But Microsoft managed to make things worse by removing the nagging dialog asking you to change your password (present in Windows XP) and changing it to a subtle tooltip popup (since Windows Vista). So subtle that even I often miss it. As we are slowly transitioning to a more mobile workflow (working from home, from mobile, in your browser), this will generate even more issues and user frustration with technology. So we looked into options to more actively remind our users about the imminent expiration of their passwords. I'm still puzzled why nobody at Microsoft thought about adding this option (to send a reminder via email/SMS) to Exchange or Office 365.

There are a number of paid tools on the web. Most of them do a lot of other stuff, and password management and reminders are usually a single module. The same is true for ManageEngine's ADSelfService Plus suite and its standalone freeware Free Password Expiry Reminder Tool (I know, the name is abysmal...). This tool is a web-based service running on Java (like most of ManageEngine's tools). You can even install it on your own desktop and run it only when you need it. You can also install it as a service. Its management panel can be accessed remotely via a browser.

As I have recently installed a secondary domain controller in our network, I opted to put this tool on that DC locally. Yeah, I know, not the best practice. But this tool lacks HTTPS support, and I wasn't keen on accessing it and possibly providing domain credentials to it via a plain-text connection. When installing it, I pointed it to that DC, so it won't go outside of that machine to pull the users and their password expiry dates. All the queries should run inside that DC. One thing to note: it doesn't work well with IE, so to manage it you have to use a modern browser like Firefox or Chrome.
Ideally you would only set it up once and forget it, so you can remove the browser later. It has a wide selection of options to set up mail (or even SMS) notifications for users. It can do this daily, weekly, or at a set number of days until expiry; it can repeat the notifications; and it can report to the users' managers and to its operator. And it works.

But... yesterday, after setting everything up, I decided to give it a try and ran the scheduler. It sent 4 notifications. One of the users was still online at her desk. I called her and asked if she had received the email notification (her password was expiring the next day) and if it was clear to her what to do. She confirmed both. Today I decided to check on things and... she hasn't changed her password after all (facepalm). On Monday she will be calling me or my colleagues, unable to access internal resources. So much for the nice tool. The real bane always was and is THE USERS 😀
