Requirement/Scope of Work
==========================
There will be two programs: one runs on the client side (Windows 7 & XP) and the other on the server side (Windows Server 2008 R2).
Client side (2 utilities):
[1] A utility to randomly generate a local administrator password and update the server database with it.
[2] A utility to notify user about the last logon time.
Server side (Single program):
[1] Keep a history of up to 3 passwords generated on the client side in the database. The administrator can log in through a web interface and query the computer records.
[2] Email notification to users about their last logon time: if it is more than 30 days ago (or any desired value), a notification is sent. The administrator can also generate reports from the system.
Appendix:
---------
Technical Details:
1) Query the “msDS-LastSuccessfulInteractiveLogonTime” attribute (instead of LastLogonTimeStamp) in Active Directory, together with the email attribute.
A sample script can be found at http://www.rlmueller.net/Last%20Logon.htm
Info on “msDS-LastSuccessfulInteractiveLogonTime”:
http://msdn.microsoft.com/en-us/library/ms677437(VS.85).aspx
2) Send an email via SMTP to the users in the list [output of #1] whose last logon is more than 30 days ago.
3) Create a popup message box based on the user logon name.
4) The administrator can log on through a web interface to view the local administrator password and user last logon details.
References:
http://www.rlmueller.net/ADOSearchTips.htm
http://msdn.microsoft.com/en-us/library/ms676855(v=VS.85).aspx (E-mail-Addresses attribute)
Expected Output
Step #1 output (script provided from the URL)
===============================================
CN=Lola Jacobsen,OU=FIM Accounts,OU=Lab Objects,DC=woodgrovebank,DC=com;Never
CN=Terry Adams,OU=FIM Accounts,OU=Lab Objects,DC=woodgrovebank,DC=com;7/29/2010 6:08:11 PM
CN=Jimmy Bischoff,OU=FIM Accounts,OU=Lab Objects,DC=woodgrovebank,DC=com;Never
CN=Mark Brown,OU=FIM Accounts,OU=Lab Objects,DC=woodgrovebank,DC=com;Never
Note: The output additionally needs the email attribute. Accounts without an email attribute will be ignored/discarded.
Step #2 Output
==============
Dear Terry Adams,
Your last logon time is on 7/29/2010 6:08:11 PM. Your account will be inactive soon. Please logon before [last logon + 30 days].
Please contact IT Helpdesk at 1800-Helpdesk if you have any question.
Thank you,
IT Helpdesk
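Steps #1 and #2 chained together, as an added example that is not part of the original posting: it parses the Step #1 lines, drops accounts without an email address, and builds the Step #2 message for accounts past the threshold. The third ``;mail`` field, the sender address, the subject line, the decision to skip "Never" accounts, and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from email.message import EmailMessage

THRESHOLD = timedelta(days=30)        # the page's default period
TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"    # e.g. 7/29/2010 6:08:11 PM
BASE = "OU=FIM Accounts,OU=Lab Objects,DC=woodgrovebank,DC=com"
# Constructed sample: Step #1 lines plus an assumed third field for the mail attribute.
SAMPLE = [
    f"CN=Lola Jacobsen,{BASE};Never;lola@example.com",
    f"CN=Terry Adams,{BASE};7/29/2010 6:08:11 PM;terry@example.com",
    f"CN=Jimmy Bischoff,{BASE};Never;",
    f"CN=Brown\\, Mark,{BASE};6/1/2010 9:00:00 AM;",   # escaped comma inside the CN
]

def parse_line(line):
    """Split 'DN;last logon;mail' into (name, datetime or None, mail)."""
    dn, stamp, mail = line.strip().rsplit(";", 2)
    cn = re.match(r"CN=((?:\\.|[^,])+)", dn, re.IGNORECASE)
    name = re.sub(r"\\(.)", r"\1", cn.group(1)) if cn else dn
    last = None if stamp == "Never" else datetime.strptime(stamp, TS_FORMAT)
    return name, last, mail.strip()

def stale_accounts(lines, now):
    """Accounts to mail: have an address and a last logon older than THRESHOLD."""
    stale = []
    for line in lines:
        name, last, mail = parse_line(line)
        if not mail or last is None:  # no email: discarded (page); "Never": skipped (assumption)
            continue
        if now - last > THRESHOLD:
            stale.append((name, mail, last))
    return stale

def fmt(ts):  # render a datetime the way the Step #1 output does
    return f"{ts.month}/{ts.day}/{ts.year} {ts.hour % 12 or 12}:{ts:%M:%S %p}"

def build_notice(name, mail, last):
    """Step #2 message as an EmailMessage, ready for smtplib.SMTP.send_message()."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@example.com"                   # assumed sender address
    msg["To"] = mail
    msg["Subject"] = "Your account will be inactive soon"  # assumed subject
    msg.set_content(
        f"Dear {name},\n"
        f"Your last logon time is on {fmt(last)}. Your account will be inactive soon. "
        f"Please logon before {fmt(last + THRESHOLD)}.\n"
        "Please contact IT Helpdesk at 1800-Helpdesk if you have any question.\nThank you,\nIT Helpdesk\n")
    return msg
```

Because the message is only sent once the last logon is more than 30 days old, the ``[last logon + 30 days]`` date it prints is already in the past when the user reads it; a warning period shorter than the disable period avoids that.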
Step #3 Output
===============
Dear Terry Adams,
You have successfully logged on to the server. Your next logon to the server must be no later than [today's date + 30 days].
If you exceed the allowable period, your account will be disabled. Please contact IT Helpdesk at 1800-Helpdesk if you have any question.
Step #4 Output
==============
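=============  =============  =====================  ====================
Name           Logon Name     Email                  Last Logon Date
=============  =============  =====================  ====================
Lola Jacobsen  Lola.Jacobsen  Lola [ a t ] abc com   Never
Terry Adams    Terry.Adams    terry [ a t ] abc com  7/29/2010 6:08:11 PM
=============  =============  =====================  ====================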
Reference:
http://blogs.dirteam.com/blogs/jorge/archive/2008/02/11/showing-last-logon-info-at-logon-in-windows-server-2008.aspx