SysOp Tools :: Help Pages
Password Reminder PRO v1
Software Installation and User Guide
Updated January 8, 2007

Copyright © 2006 SysOp Tools,
Inc. All rights reserved.
This publication is protected by copyright and all rights are reserved by SysOp
Tools, Inc. It may not, in whole or part, be copied, photocopied, reproduced,
translated, or reduced to any electronic medium or machine-readable form without
prior consent, in writing, from SysOp Tools, Inc. This publication supports Password
Reminder PRO v1.1. It is possible that it may contain technical or typographical
errors. SysOp Tools, Inc. provides this publication “as is,” without
warranty of any kind, either expressed or implied.
SysOp Tools, Inc.
6550 West Olympic Blvd
Los Angeles, CA 90048
www.sysoptools.com
Trademark Acknowledgements:
Password Reminder PRO, SysOp Tools and the SysOp Tools logo are either
individual trademarks or trademarks of SysOp Tools, Inc. in the United
States and/or other countries. The names of other companies and products
mentioned herein may be the trademarks of their respective owners.
Table of Contents:
- 1.0 – Introduction
- 1.1 - How Password Reminder PRO Works
- 1.2 - Installation Requirements
- 2.0 - Software Installation and Setup
- 2.1 - Specifying Service Credentials
- 2.2 - Inserting your License Key
- 2.3 - Choosing your Mail host Relay
- 2.4 - Initializing Email Templates
- 2.5 - Specifying an Administrative Email Address
- 2.6 - Generating a Test Email
- 3.0 - Software Use and General Overview
- 3.2 - Test Console Application and QA Testing in Your Environment Before Going Live
- 3.3 - Client License Check Utility
- 3.4 - Daily Administrative Password Reminder Email Summary Report
- 4.0 - Troubleshooting
- 4.1 – Common Issues, Work Arounds and Reported Bugs
1.0 - Introduction:
Password Reminder PRO is an administrative reporting and alerting
tool for Active Directory, designed to proactively alert domain users
of expiring domain account passwords through a common communication
medium- Email. Password Reminder PRO allows the domain administrator
to easily bulk-view status of all Active Directory user accounts across
the domain in an easy to use central console, without having to log
on to domain controllers or open MMC’s. Administrators can leverage
their existing mail and domain infrastructure with Password Reminder
PRO to easily and professionally inform users of when their passwords
will expire and what actions to take, using fully customizable html
and text compatible email templates. Password Reminder PRO runs as
a .Net service and performs the reminder functions for you automatically
at your desired intervals. We’ve found that using Password Reminder
PRO in a domain environment that enforces password change policies
can reduce password-related help desk calls up to 80%.
Password Reminder PRO requires an existing Windows Active Directory
domain infrastructure and any standard SMTP mail relay. Password
Reminder PRO is designed for maximum compatibility with Windows 2000
/ 2003 and Exchange 2000 / 2003 / 2007.
1.1 - How Password Reminder PRO Works
Password Reminder PRO monitors your Active Directory domain user accounts
across the enterprise, and sends a professional and personalized notification
to users via email to remind them their domain password expiration
date is approaching.
Using the Password Reminder PRO admin console you have ability to set number
of days in advance that the user should receive a reminder notice, specify multiple
notification intervals (for example, 1st notice at 10 days before expire, 2nd
at 3 days, final notice at 1 day), and customize the message for all three reminders
individually. There is no configuring of user email accounts or domain structures
required; Password Reminder PRO figures all of this out for you as long as you
run it in the LDAP domain which holds your mail-enabled user accounts. Non mail-enabled
accounts, accounts without a password set and accounts that are set to not expire
will not receive a reminder notice.
Password Reminder PRO also provides you, the administrator, with a real-time
reporting console that shows status of all user account objects across the domain,
allowing at-a-glance review of expiring user accounts, accounts that are set
to not expire or do not require a password, system accounts, accounts that have
never logged on, and accounts that have been inactive for an extended period.
This is invaluable for quickly assessing all accounts and determining if problems exist.
All of the reporting console results are exportable in Excel format and organized
neatly in tabs.
This is a fabulous tool to have in place to help meet your General Computing
Control / Sarbanes-Oxley goals for internal security and auditing.
1.2 - Installation and Use Requirements
Installation and use of Password Reminder PRO requires the following:
- Software can be run under Microsoft Windows XP, Server 2000 or Server 2003
- Microsoft Windows Active Directory 2000 or 2003 Domain Containing User Account Objects
- Microsoft .NET Framework v1.1 and SP1 Must Be Installed Prior to Running Password Reminder PRO
- Available internal SMTP Mail-Host Relay (We Recommend Microsoft Exchange)
- Mail-enabled Domain User Accounts (AD User Account That Has a Functioning Email Address)
- Established Domain User Account Password Expiration Policy at the Domain Root Level
- Admin and Test Consoles Must be Run Under Context of Logged On User With At Least Read Access to AD and LDAP
- Reminder Service Must be Run Under a Domain Service Account With Access to AD and LDAP
- Valid Password Reminder PRO License Key for your Active Directory domain that hosts your user
accounts
- Microsoft IIS and SMTP services are NOT REQUIRED to run Password Reminder PRO!
2.0 - Software Installation and Setup
Log on to the server or workstation that will host the Password Reminder
PRO Admin console and Service. You must use an account that has local
admin privileges. Run the installer, follow the prompts, click Finish
to exit the installer. Next we’ll set up the newly installed
Password Reminder PRO service permissions.
2.1 - Specifying Service Credentials
Click START>RUN and type services.msc, click OK. The Services window
opens.

Scroll down list to the Password Reminder PRO Service, double-click
to open the service properties
Make sure the service is set to ‘Started’ and ‘Automatic’
Click on the Log On tab and change the type from ‘Local System’ to ‘This
Account’

Specify a domain account that has rights to read from your Domain Controllers’ AD
and LDAP. If you are not sure, use an account that is part of the Domain
Administrators AD group. Make sure the account has been granted domain
rights to ‘Log on as a Service’
Specify the password for this account, click ‘Apply’, click ‘OK’,
verify the service is running and close the Services window.
Installation is now finished- Let’s move on to the fun stuff
2.2 - Inserting your License Key
Password Reminder PRO will not function without a valid license
key specifically for your domain. You should have received a license
key to use with your software, either via email or from your secure
login page. If you did not receive a product key, contact Sales immediately
through the http://www.sysoptools.com/about.html page.
Launch Password Reminder PRO admin GUI from the Start Menu program
group (SysOp Tools > Password Reminder PRO).
At the top of the admin screen click File > Register and you will
see a box pop up to insert your key- Copy your Password Reminder PRO
key string from your email or personal site login page and paste it
here. Click Save. As soon as you click out of that box, the software
will detect your key and show your current license status in the main
Admin console. If you do not see the correct status, click the 'save'
button in the main console, exit the console, and then re-launch
the admin console to update the status.
2.3 - Choosing your Mail host Relay
Password Reminder PRO requires use of a mail host relay in order
to send the customized email reminders to your mail server. Unless
you specify a valid mail host relay, the program will continue to
prompt you for one.
The machine which hosts the Password Reminder PRO service has
its own SMTP sender built-in, and establishes a direct port
25 connection to your relay or mail server. Make sure that the machine
that is hosting the Password Reminder PRO service can communicate
to your mail relay or mail server.
Open the Password Reminder PRO admin GUI
In the SMTP Relay box type the IP or FQDN of your mail server or relay
that will be accepting port 25 connections (for example, smtp.yourdomain.com).
As soon as you click out of this box, Password Reminder PRO will query
the server to make sure it can establish a connection. During this
check period, the admin screen will be non-responsive. Please wait
until the check finishes, should be about 30 seconds max.
If Password Reminder PRO was unable to communicate with the mail relay
or mail server, an error dialogue will appear. Please check the name
of your relay server or check that port 25 is not blocked.

2.4 - Initializing Email Templates
Password Reminder PRO generates three separate email templates for
you to use, and you can specify up to three different reminder days
for alerting your users. Example, you can set the first expiration
email reminder to go out at 10 days before a user’s password
expires, then have a second one sent at 3 days prior, and finally,
if they still have not changed their password, a final urgent notice
sent at 1 day prior to expiration. If a user has changed their password
after receiving the first notice, they will not receive additional
notices until the next password change interval.
Open the Password Reminder PRO admin screen
Under ‘First Message (Days)’ click ‘Preview’ – A
web page opens and shows you the generic template.
Close the web page and the 1st template has now been created. Do the
same for the 2nd and Last Message (Days) reminders.
If you look in the \Program Files\SysOp Tools\Password Reminder PRO\
directory you will see three new files, template1.html, template2.html,
and template3.html. These are your email template files, and are ready
to go without further modification. The recipient user names and number
of expiration days remaining fields in the message (between the |!|
symbols) will fill in automatically. We’ll test this out next.

2.5 – Setting up Administrative Email Address
In order to test out the reminder notice functionality and receive
the daily admin summary email of sent user password expiration notices,
you will need to enter a friendly email alias name and valid admin
email address in the Password Reminder PRO admin console settings.
Open Password Reminder PRO admin console GUI
Type a friendly alias in the ‘Admin Mailbox Name’ box and
a valid internal email address in the 'Admin Mailbox Address’ box.
For example, Mail Administrator and mailadmin@yourdomain.com.
Click ‘Save Changes’
Password Reminder PRO will send a daily report summary of users who
received an expiring password notice for review.
Go to section
When running Password Reminder PRO in Test Mode, generated reminder
notice emails will go only to this address.
2.6 - Generating a Test Email
Make sure you have successfully completed all of Section 2 above
before proceeding.
The built-in test / QA functionality of Password Reminder PRO allows you
to test functionality and verify that communications are set properly
between the Password Reminder PRO software and your mail server. This
will also allow you to see beforehand what the alert emails will look
like to your end-users before going live, and allow you to review any customizations you've made to the email reminder templates. By default, Password Reminder
PRO is set to Test Mode upon installation.
Method 1: Service Interval Testing
Open the Password Reminder PRO admin GUI
Make sure Run Mode selector at bottom of GUI is set to Test (default)
Select your 1st, 2nd and Last Message (Days)
Select the hour of day when Password Reminder PRO should perform an
AD check and send email alerts (0-23, 0 = midnight)
Click ‘Save Changes’
When Password Reminder PRO runs at the specified hour, the alert emails
will be sent to the administrative email address specified in section
2.5
Method 2: Real-Time Testing
Open the Password Reminder PRO admin GUI
Under Run Mode selector, select the Test Console option
A CMD window appears with the Test Console set to Test mode
At the prompt, type ‘s’, hit enter – A real-time
check is performed and alert emails are sent to the administrative
email address
This is the preferred method for testing edits to your email reminder
templates prior to launching them live
Note: See section 3.2 for further details, commands list and instructions on using the Test Console for QA in your environment.
3.0 - Software Use and General Overview
3.1 - Main Admin console
Use
The Password Reminder PRO Admin Console is the functional center of the software. Here, you can set your Reminder Days parameters, specify your mail host relay, administrative email address (for receiving daily summary reports), and create / edit your email reminder templates. You can also use the 'Mode' dropdown to select between 'Test' mode for QA / testing in your domain environment without disturbing your users, or 'Live' mode when you are ready for production use.
Note: Password Reminder PRO has its own email send functionality built in- Microsoft IIS and SMTP services are not required.
Note: The admin console and reports are run under the security context of the logged on user. The logged on user must have access to read AD and LDAP, preferably a Domain Admin account.

Admin Mailbox Name: This is the friendly name of the 'From' field that will be seen by users who receive a password expiration reminder email.
Admin Mailbox Address: This is the reply-to address that will be seen by users who receive a password reminder email, and is the address that Password Reminder PRO auto-sends the daily admin report summary of email reminders that were generated on that day's run. Also, when Password Reminder PRO is run in Test mode, all individual user email reminders are sent to this email address instead of to the user.
User Reports: click this to launch the Reporting Console to audit all user accounts. Very handy to help you keep your AD clean!
Modify: Use this button to set the application path to your favorite HTML editor program. This is used to edit your HTML email reminder templates.
First, Second and Last Message (Days) settings: Lets you set up to three email reminders for users. Each reminder can be different than the others, for instance the Last reminder message can convey a more urgent reminder message than the First or Second. Click 'Edit' to open the HTML template in your chosen editor, and after saving changes click 'Preview' to view the edited reminder in IE.
PW Expiration (Days): Should be set to EXACTLY the same number as your master domain password expiration policy. For example, if your Active Directory domain policy is set to expire user account passwords at 60 days, set this value to 60.
Hour To Check: Is the time that Password Reminder PRO should look through Active Directory and send password reminders to users with an expiring password that falls on one of the Message (Days) settings. You may set this from '0' (12am) to '23' (11pm).
Run Mode: Used to set the functional mode of Password Reminder PRO, and to launch the Test Console. Set in Test mode, you will have a full test / QA environment in which to test / review the software operation in your live environment and send email reminders generated without disturbing your users. In Test mode, all generated password reminder emails are sent to the administrative mailbox only! So, you can configure everything, leave in Test mode, and let Password Reminder PRO run for a few days and receive the daily reminders as your users would see them, along with the daily admin summary report. This mode is also very handy for spot-editing and updating of the email reminder templates, and checking how they will look before flipping back to Live mode.
Editing Templates
Do NOT use MS Word or MS Front Page for editing the templates!
These applications will insert xml markup into the template and
break it.
Use an industry-standard HTML editor such as DreamWeaver or GoLive.
Click the ‘Modify’ button to choose an editor for modifying
the html template email reminder files, then click ‘Save Changes’
Go to the ‘First Message (Days)’ area and click Edit. Your
template opens in your chosen editor.
Now, you can modify the contents to fit your needs and organization.
Do not change any of the fields between the |!| characters, these are
dynamic fields and are auto-populated by Password Reminder PRO. When
you are done making changes save and close it, click ‘Preview’ to
check layout, then using the Test Console fire off a test email to
see the end result. The test email will go to the email address specified
in the Admin Mailbox Address setting of the main console.

In the example above, the field |!| Full Name |!| displays the user's
full name as entered in their Active Directory account and the field
|!| PWDays |!| states the number of days remaining. The |!| characters
do not show up in the live message.
Repeat this process for the other two Message (Days) templates, you
can create up to three individually-tailored messages.
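A post-edit check for the template fields described above, as an added example that is not SysOp Tools code. It assumes whitespace inside the |!| delimiters is not significant, knows only the two field names quoted in this guide, and HTML-escapes the inserted values as its own choice; the template strings are constructed samples.

```python
import html
import re

DELIM = "|!|"
# Field names quoted in this guide; a real template may contain others.
EXPECTED_FIELDS = ("Full Name", "PWDays")
# Assumption: whitespace around the field name inside the delimiters is ignored.
FIELD = re.compile(r"\|!\|\s*(.*?)\s*\|!\|", re.S)


def _norm(name):
    """Collapse runs of whitespace so a line-wrapped field name still matches."""
    return re.sub(r"\s+", " ", name)


def template_fields(template):
    """Return the field names found between |!| pairs, in document order."""
    return [_norm(m) for m in FIELD.findall(template)]


def check_template(template, expected=EXPECTED_FIELDS):
    """Return a list of problems an editor may have introduced (empty list = OK)."""
    problems = []
    found = template_fields(template)
    for name in expected:
        if name not in found:
            problems.append("missing field: " + name)
    for name in found:
        if "<" in name or ">" in name:
            # Typical result of an editor wrapping part of the field in its own tags.
            problems.append("markup inside field: " + name)
    if template.count(DELIM) % 2:
        problems.append("unbalanced |!| delimiter")
    return problems


def render(template, values):
    """Fill the fields, HTML-escaping each value because it comes from directory data."""
    def fill(match):
        name = _norm(match.group(1))
        if name not in values:
            return match.group(0)  # leave unknown fields untouched
        return html.escape(str(values[name]))
    return FIELD.sub(fill, template)


# Constructed samples: an intact template and one damaged by an editor.
GOOD = ("<p>Dear |!| Full Name |!|,</p>\n"
        "<p>Your password expires in |!|PWDays|!| days.</p>")
DAMAGED = ("<p>Dear |!| <span lang=EN-US>Full</span> Name |!|,</p>"
           "<p>Expires in |!| PWDays days.</p>")

if __name__ == "__main__":
    print(check_template(GOOD))
    print(check_template(DAMAGED))
    print(render(GOOD, {"Full Name": "O'Brien <Ops> & Co", "PWDays": 3}))
```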
Tip: Templates are located in the \Program Files\SysOp Tools\Password Reminder PRO\
directory. After you make your edits to all templates and are
satisfied with the results, save a copy of them to another folder on your
PC for backup.
Below is an example of a customized and finished email reminder notice-
This is what the user will see in their mailbox:

Specifying your Domain Password Age
There is no provision for changing the domain that Password Reminder
PRO queries for User accounts. The domain is set at the time of purchase
and is locked to your license key. Under the licensing box in the
main Password Reminder PRO admin GUI, it will show which domain is
currently licensed for use.
If you have issues or have incorrectly specified the domain,
contact SysOp Tools sales dept.
In the PW Expiration (Days) field, type in the number of days that
is equal to your master domain policy’s password expiration time.
For example, you may have specified that passwords for your domain
users must be changed every 60 days. Type 60 in this field.
Specifying your Reply-To Name and Email Address for Templates
Your Users may wish to respond to a received reminder notice. The alias
and email address specified in the ‘Admin Mailbox Name’ and ‘Admin
Mailbox Address’ fields will be used as the reply-to for reminder
notices.
Specifying Reminder Email Send Days and Service Check Time
Set the number of days in advance of user password expiration that
reminder notices should be sent. You may send up to three individually-customized
notices.
Set the hour of day that Password Reminder PRO should check Active
Directory for expiring password accounts, and send a reminder notice
to users. This check runs once per day. You can send an instant reminder
to all users via the Test Console, explained in Section 3.2
Choosing your Email Templates Editor
Do NOT use MS Word or MS Front Page for editing the templates!
These applications will insert xml markup into the template and
break it.
Use an industry-standard HTML editor such as DreamWeaver or GoLive.
Click the ‘Modify’ button to choose an editor for modifying
the html template email reminder files, then click ‘Save Changes’
Anytime you click the ‘Edit’ button for one of the message
template days, it will launch your chosen editor
Changing Application Run Mode
Click the Run Mode drop-down list to change services mode
‘Test’ mode runs the service and sends all expiration reminder email alerts
to the administrative email address specified in the ‘Admin Mailbox Address’ field
‘Live’ mode places the service into production. All expiration email reminders
will be sent to mail-enabled users who meet the expiration reminder criteria set in the Admin console, and the summary admin report will be sent to the administrative email address.
Reports View
The Report Console is a powerful auditing tool that allows you on-the-fly access
to view all of your AD user accounts and status, and allows you
to export screen results directly to MS Excel. Using the Report Console regularly, you will be able to easily identify odd AD accounts or misconfigured AD accounts. The more you use the Report Console, the cleaner your AD will become!
Use
Click the ‘Reports’ button to launch the console, if you
have a very large AD environment give it a few seconds to pull data
from AD and display the results
The console is broken up into tabs which display user accounts based
on specific criteria. The view below shows the Reports Overview and
Export screen:

Note: Only the users specified in the 'Licensed Users' tab of the Reporting console can receive an email reminder, and will receive an expiring password email reminder once they hit one of the three 'Reminder Days' email trigger dates specified in the Admin console. If you did not specify enough license count to cover all of your password policied, mail-enabled users, the 'Unlicensed Users' report will show accounts that fall beyond your current coverage. Password Reminder PRO counts users in order of AD account creation date and only counts user objects as 'licenseable' if they are set with an expiring password. This way, you do not have to over-spend on licenses and needlessly cover admin disabled, expired, or non-expiring (service) user accounts.
Exporting View Window Results
You may copy the individual report window results by pressing SHIFT+A
to select all, and then CTRL+C to copy.
Paste into the spreadsheet or document editing program of your choice.
For a more professional result simply click the 'Export to Spreadsheet'
button- This will export the contents of all report windows into one
organized spreadsheet, complete with columns and column titles.
3.2 - Test Console Application
Use
The Test Console is a handy tool and is the "QA / Testing" environment that will help you set up and test Password Reminder PRO's email reminder functionality within your production domain environment before going live.
By default, the Test Console is run in "Test" mode (as indicated by the word "Test" next to the command prompt).
In this mode, you can perform a real-live password email reminder run against all of your user accounts, but your users will not receive the emails. The reminder emails will all be sent to the admin mailbox address that you specified in the main program admin console (section 3.1), and you can easily see what your users will receive. You will NOT get an email for every user in your domain, only for certain users that are expiring and meet the reminder criteria set in the Admin console!

Commands List
Using the commands below, you can perform reminder email test runs on one user account at a time, or all user accounts. This will allow you to see what your user will see without disturbing the user, complete with that user's name and # of expiration days remaining automatically filled in on each email! You can use this test method to check for typos in your customized reminder templates.
Additionally, at the end of every test run you will receive an 'admin summary report' email which shows you exactly what Password Reminder PRO generated and sent out. This report is what you will receive daily once you are running Password Reminder PRO in Live mode.
You may also use the Test Console in 'Live' mode to perform a manual production email reminder run to your users, at any time.
Remember, Password Reminder PRO only generates an email for users it finds which have a password that is about to expire (Expiring Users tab in the reporting console), falls within the number of Reminder Days that you specified in the Admin console to send a reminder, and is covered by a valid client license (Licensed Users tab). For example, if you set Password Reminder PRO to send the 1st email reminder at 14 days from expiration, the 2nd reminder at 7 days, and the last reminder at 1 day, only the users who are expiring at exactly 14 days from expiration, 7 days and 1 day will receive an email reminder.
Keep in mind that if you have a license key for 100 users, and actually have 110 users, the last 10 users (in order of AD account creation date) will not receive an email reminder until you expand your license coverage. The 'Unlicensed Users' tab in the Reporting console will show you accounts that might need coverage, and our sales team can help you adjust your license count as necessary.

Note: Only the users specified in the 'Licensed Users' tab of the Reporting console can receive an email reminder, and will receive an expiring password email reminder once they hit one of the three 'Reminder Days' email trigger dates specified in the Admin console. If you did not specify enough license count to cover all of your password policied, mail-enabled users, the 'Unlicensed Users' report will show accounts that fall beyond your current coverage. Password Reminder PRO counts users in order of AD account creation date.
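The selection rules described in this section, modelled as an added example (not SysOp Tools code): licences are consumed in order of account creation date, a reminder is planned only on an exact Reminder Days match, and Test mode redirects every notice to the admin mailbox. The user records are constructed; counting days left in whole calendar days, and counting an account as licensable when it is enabled with a required, expiring password, are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# userAccountControl flag bits in Active Directory.
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000


@dataclass
class User:
    name: str
    mail: Optional[str]            # None = not mail-enabled
    created: date                  # AD account creation date
    pwd_last_set: Optional[date]   # None = no password set
    uac: int = NORMAL_ACCOUNT


def licensable(user):
    """Enabled account with a required, expiring password (assumed reading of the guide)."""
    blocked = ACCOUNTDISABLE | PASSWD_NOTREQD | DONT_EXPIRE_PASSWORD
    return user.pwd_last_set is not None and not (user.uac & blocked)


def plan_reminders(users, today, pw_expiration_days, reminder_days,
                   license_count, mode, admin_address):
    """Return (sends, unlicensed_names).

    sends is a list of (user, notice_number, days_left, recipient).
    Assumption: days_left is counted in whole calendar days.
    """
    ranked = sorted((u for u in users if licensable(u)), key=lambda u: u.created)
    licensed, beyond = ranked[:license_count], ranked[license_count:]
    sends = []
    for u in licensed:
        if not u.mail:
            continue  # not mail-enabled: nothing to send
        expires = u.pwd_last_set + timedelta(days=pw_expiration_days)
        days_left = (expires - today).days
        if days_left in reminder_days:  # exact match only, not "within N days"
            notice = reminder_days.index(days_left) + 1
            recipient = admin_address if mode == "Test" else u.mail
            sends.append((u.name, notice, days_left, recipient))
    return sends, [u.name for u in beyond]


# Constructed sample data for a domain with a 60-day password policy.
TODAY = date(2007, 1, 8)
ADMIN = "mailadmin@yourdomain.com"
REMINDER_DAYS = (14, 7, 1)


def _aged(days):
    """Date on which a password that is now `days` old was set."""
    return TODAY - timedelta(days=days)


SAMPLE_USERS = [
    User("alice", "alice@yourdomain.com", date(2004, 1, 10), _aged(46)),
    User("bob", "bob@yourdomain.com", date(2004, 6, 1), _aged(53)),
    User("carol", "carol@yourdomain.com", date(2005, 2, 1), _aged(50)),
    User("svc_backup", None, date(2003, 5, 5), _aged(400),
         NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD),
    User("dave", "dave@yourdomain.com", date(2003, 9, 9), _aged(59),
         NORMAL_ACCOUNT | ACCOUNTDISABLE),
    User("erin", "erin@yourdomain.com", date(2006, 11, 1), _aged(59)),
]

if __name__ == "__main__":
    for mode, licences in (("Test", 3), ("Live", 4)):
        sends, unlicensed = plan_reminders(SAMPLE_USERS, TODAY, 60, REMINDER_DAYS,
                                           licences, mode, ADMIN)
        print(mode, licences, sends, "unlicensed:", unlicensed)
```

Running the same data with pw_expiration_days set to 90 plans no reminders at all, which is why PW Expiration (Days) has to match the domain policy exactly.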
3.3 - Client License Check Utility
This handy utility looks through your Active Directory domain for qualifying user
accounts "Licensable Users" that would be able to receive an email reminder from Password Reminder PRO.
The tool returns
the current count of qualifying users in your domain and the suggested number of client licenses to purchase.
For example, if you have 300 user account objects in AD (including service accounts, disabled accounts, system accounts, etc.) and only 250 of them are user accounts with an expiring password set, you will only need 250 licenses.
Disabled accounts, non-expiring accounts, accounts that do not require a password and system accounts are ignored for licensing count and reminder functionality.
Should your organization grow, you can purchase additional client license packs by contacting SysOp Sales.
Use
To run the client license check, launch the program from the Password
Reminder PRO program group.
Enter in the domain name that contains your user accounts, then click
the 'Check License Count' button.
You must run this utility from a computer that is part of and connected
to the domain, with a logged-on user account that has read access to AD and LDAP.

Results View:

"Suggested License Purchase" rounds off to closest offered client license package.
Contact Sales for a quote tailored to your environment.
3.4 - Daily Password Reminder Email Report Summary
Use
When Password Reminder PRO sends out its round of daily password
expiration reminders to users, at the finish of its run it also generates
a summary report of all user reminder notices sent out for the day. This email summary
report is sent to the administrator address that is specified in the
Password Reminder PRO admin console.
This report is a very powerful feature of Password Reminder PRO, as it
allows the sys admin or help desk to quickly audit expiring accounts,
and identify accounts that may present an issue within your secured environment.

4.0 - Troubleshooting
4.1 - Common Issues
(Updated Regularly - Last Update January 8, 2007)
2000 / 2003 R1 Domain - Notification Email Does Not Send:
(a) Make sure you have specified the correct FQDN of a mail
relay that is able to send email to your mail server
(b) Make sure the computer that you are running Password Reminder PRO
on has port 25 connectivity to your mail relay
(c) To test mail relay connectivity, open a CMD prompt on the computer that is running Password Reminder PRO and type: telnet
name.mailrelay.com 25 and see if you can connect. If connected
successfully, type HELO and hit enter- The mail relay should return a
HELO back.
(d) Make sure you do not have XP Firewall turned on or any other programs
that could block port 25 on the computer running Password Reminder PRO
(e) Make sure you are running the Password Reminder PRO service account with domain credentials that have read access to AD and LDAP. By default it is installed as running under 'Local System', you must change this or it will not send out email reminders.
2003 R2 Domain - Notification Email Does Not Send:
If you are running a native 2003 R2 domain, this may cause the email reminder send functionality to break. This can be identified by running the Test Console and hitting 'S' to send a test reminder email. The cursor does not return a send result and remains blank. We are working on troubleshooting this issue presently and will have it addressed as soon as possible. If you are affected by this issue please contact support via the 'Contact' link in your main login page to obtain latest status and possible fixes.
Admin Console Does Not Show the Correct License Count, or License Count is Null:
(a) Make sure you have pasted the complete license key and then clicked
'save'
(b) Make sure you are running Password Reminder PRO in the same LDAP
domain that you specified when you purchased your key or signed up for
a trial key. Your key is tied to the LDAP domain specified at time of
trial registration or purchase and will function in this domain only.
If you are having issues please contact SysOp tech support.
Password Reminder PRO Generates an Unhandled Exception Error After Applying License Key:
In certain instances, entering a license key for a domain that is different than the domain which Password Reminder PRO is installed in may cause an unhandled exception error and program termination. For example, using a license key registered to yyy.com on a computer that is a member of zzz.com. We will have the unfriendly error issue fixed in the next software version release, however keep in mind that your license key only functions in the domain that was specified at time of trial registration or purchase. If you incorrectly specified your internal domain, please contact our Sales team.
Clicking Reports Button from Admin Console Generates an Exception Error:
Your key is tied to the LDAP domain specified at time of
trial registration or purchase and will function in this domain only.
If you experience this issue please contact SysOp tech support as you may have entered the wrong domain name at time of registration, or may be using the software on a computer that is part of a different domain.
Some User Accounts Do Not Show the Correct Last Logon Date, May Show a Very Old Last Logon Date, or May Show as 'Never Logged On' in the Reporting Console:
Password Reminder PRO uses the Active Directory field "LastLogon" to query the last time a user logged on to the domain via local workstation or remote email. According to Microsoft, the lastlogon field does not replicate across DC's, and will update only on the DC that actually processed the user logon (so this field can actually have different last logon date information for a user account on 5 DC's if you have 5 DC's spread across various sites). Additionally, this field only updates on local NT logon events, and not on remote (OWA, RPC/HTTP) logon events.
In many cases, you will see Last Logon status as 'Never Logged On' or 1/1/1601 in the Reporting Console view for user accounts that are accessed by OWA-only users who have never directly logged on to a Windows domain workstation. We have found a fix for this which will be included in the next version release. The date string of 1/1/1601 is 'never logged on' in AD-speak.
PLEASE NOTE: This issue only affects the accuracy of the Reporting Console view and does not affect Password Reminder PRO's ability to accurately send the expiring password email reminder to the user.
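An added example (not SysOp Tools code) of reconciling the per-DC lastLogon values described above: each raw value is converted from Windows FILETIME ticks, 0 is treated as no logon recorded, and the newest value across all DCs is taken as the account's last logon. The DC names, account names and timestamps are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# lastLogon is stored as a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def datetime_to_filetime(dt):
    """Build a FILETIME tick count from an aware datetime (used for the sample data)."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def filetime_to_datetime(ticks):
    """Convert ticks to an aware datetime; 0 or None means no logon recorded on that DC."""
    if not ticks:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def naive_display(ticks):
    """What a report shows if it converts the raw value without checking for 0."""
    d = FILETIME_EPOCH + timedelta(microseconds=(ticks or 0) // 10)
    return f"{d.month}/{d.day}/{d.year}"


def true_last_logon(per_dc):
    """per_dc maps DC name -> lastLogon ticks read from that DC.

    Returns (dc_name, datetime) for the newest value, or (None, None) when no DC
    has processed a logon for the account.
    """
    best_dc, best_ticks = None, 0
    for dc, ticks in per_dc.items():
        if ticks and ticks > best_ticks:
            best_dc, best_ticks = dc, ticks
    return best_dc, filetime_to_datetime(best_ticks)


def classify(users, as_of, max_idle_days):
    """Label each account using the newest logon found on any DC.

    Accounts with no value anywhere get their own label instead of 'inactive',
    because lastLogon is not updated by remote (OWA, RPC/HTTP) logons.
    """
    result = {}
    for name, per_dc in users.items():
        _, when = true_last_logon(per_dc)
        if when is None:
            result[name] = "no logon recorded on any DC"
        elif (as_of - when).days > max_idle_days:
            result[name] = "inactive"
        else:
            result[name] = "active"
    return result


# Constructed sample data: three DCs, values as each DC would return them.
JSMITH_LATEST = datetime(2006, 12, 20, 8, 15, tzinfo=timezone.utc)
SAMPLE = {
    "jsmith": {"DC1": 0,
               "DC2": datetime_to_filetime(JSMITH_LATEST),
               "DC3": datetime_to_filetime(datetime(2006, 3, 2, 9, 0, tzinfo=timezone.utc))},
    "owa.only": {"DC1": 0, "DC2": 0, "DC3": 0},
    "old.temp": {"DC1": datetime_to_filetime(datetime(2005, 6, 1, tzinfo=timezone.utc)),
                 "DC2": 0, "DC3": 0},
}
AS_OF = datetime(2007, 1, 8, tzinfo=timezone.utc)

if __name__ == "__main__":
    for user, per_dc in SAMPLE.items():
        dc, when = true_last_logon(per_dc)
        print(user, "| DC1 alone shows", naive_display(per_dc["DC1"]), "| newest:", dc, when)
    print(classify(SAMPLE, AS_OF, 90))
```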
Users Do Not Receive the Reminder Emails, but Password Reminder PRO Sent Them:
You may have a permissions or relay restriction on your mail server, or Password Reminder PRO is unable to send protocol traffic to your mail host relay.
1. Check your mail server logs / queues and see if it has received mail traffic from the computer running Password Reminder PRO. Check if there are any error logs on the mail server for this mail traffic, or 'relay denied' log messages.
2. On the computer running Password Reminder PRO, open a command prompt and telnet to your mail relay or mail server on port 25. Initiate an SMTP Send from the computer to your mail server, and check that the mail was successfully received in your user's inbox. How to send SMTP emails from a command prompt via Telnet: http://exchange.mvps.org/smtp_frames.htm
3. Check that your users are on the same domain that Password Reminder PRO is installed in. If your email users reside on a sub-domain, you must re-license Password Reminder PRO for that sub-domain and run from there. Contact SysOp Support if this is the case.
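The relay check from step 2, scripted as an added example (not part of Password Reminder PRO or of the original guide). It walks the SMTP dialogue up to RCPT TO without delivering a message and reports the stage at which the mail host refuses; the function name `probe_relay`, the `smtp_factory` parameter and the host and addresses are assumptions for illustration.

```python
import smtplib

def probe_relay(host, sender, recipient, port=25, smtp_factory=smtplib.SMTP):
    """Walk EHLO / MAIL FROM / RCPT TO against the relay and report
    the first stage the server rejects. No message body is sent."""
    steps = []
    try:
        with smtp_factory(host, port, timeout=10) as smtp:
            dialogue = (
                ("EHLO", lambda: smtp.ehlo()),
                ("MAIL FROM", lambda: smtp.mail(sender)),
                ("RCPT TO", lambda: smtp.rcpt(recipient)),
            )
            for name, call in dialogue:
                code, msg = call()
                text = msg.decode(errors="replace") if isinstance(msg, bytes) else str(msg)
                steps.append((name, code, text))
                if code >= 400:
                    # 4xx = temporary refusal, 5xx = permanent (e.g. relay denied)
                    return {"ok": False, "failed_at": name, "steps": steps}
    except (OSError, smtplib.SMTPException) as exc:
        # Port 25 blocked, host unreachable, or the server dropped the session
        return {"ok": False, "failed_at": "CONNECTION", "steps": steps, "error": str(exc)}
    return {"ok": True, "failed_at": None, "steps": steps}

if __name__ == "__main__":
    # Placeholder host and addresses: replace with your own relay and mailbox.
    result = probe_relay("mailrelay.example.test", "prp@example.test", "user@example.test")
    for name, code, text in result["steps"]:
        print(f"{name:10} {code} {text}")
    print("relay accepted the recipient" if result["ok"]
          else f"failed at {result['failed_at']}: {result.get('error', '')}")
```

Run it on the computer that hosts Password Reminder PRO, since relay restrictions are usually applied per source address. A failure at RCPT TO with a 5xx code corresponds to the 'relay denied' entries mentioned in step 1.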
Non-USA Customers - Password Reminder PRO Gives a 'Date Incorrect' or 'License Expired' Error:
If this occurs, it is because you are running Password Reminder PRO on a computer that does not use the standard USA date format of MM/DD/YYYY. We have isolated the cause as a date formatting bug for all non-USA date zone settings.
The issue was identified in the application code for Password Reminder PRO v1.1. We have scheduled our new v1.2 build to be released very shortly which will fix this problem.
As an interim work-around in v1.1, you can set the server's date settings to USA. This will eliminate the error.
Password Reminder PRO Beta 1000+ (Unlimited) License Key Does Not Show More Than 1000 Licensed Users:
If you selected 1000 as your user count during beta registration, this key was designed to be unlimited and should not restrict sending reminder emails to 1000 users maximum. We have identified an intermittent bug in our key generation application and in the Password Reminder PRO v1.1 application. This issue will be permanently fixed in upcoming version 1.2, due out shortly. If you are presently experiencing user limitation to 1000 licensed users please contact support from your main login page or the About page for latest status.
Does the Admin Console GUI Need to Remain Open to Run Password Reminder PRO in Automatic Mode?
No. The Admin Console is only for setting configurations and accessing the Reporting Console. Password Reminder PRO runs as a service and is fully automated.
I Input my License Key and it is Not Showing Correct Status in the Admin Console:
After applying your license key, please click 'Save' and then close / re-open the Admin Console.
I See Discrepancies Between the Last Logon / Logoff Time Reported in Exchange Mailbox Store, and the Last Logon Time Reported by PRP Reporting Console - Can the Mailbox Access Date be Extracted to Tune the Accuracy of the Last Logon Date in Password Reminder PRO?:
The mailbox logon/logoff fields in Exchange referred to here are the PR_LAST_LOGON_TIME and PR_LAST_LOGOFF_TIME properties on the mailbox itself, which get updated when the user logs in to or out of the mailbox.
Since these fields exist in the Exchange information store only and are not tied to AD, you would have to use some interface (like DAV, MAPI etc) to access this data for each mailbox. It is not easy to script this, compare the result to what AD says, and then report back valid results. For now it is just not feasible to incorporate the Exchange DB data into Password Reminder PRO.
With Exchange 2007, there is a built-in function within the get-mailboxstatistics cmdlet, which we may be able to leverage for a future release as an optional configuration item: http://www.microsoft.com/technet/prodtechnol/exchange/e2k7help/cec76f70-941f-4bc9-b949-35dcc7671146.mspx?mfr=true
As far as AD and the currently used method of last logon date reporting in Password Reminder PRO, this is what can be expected:
We know that the "lastlogontimestamp" AD user field will replicate across DCs only every 14 days. Per Microsoft this is by design, to lower the chance of constant inter-DC replication traffic. Given the 14-day max update interval, you would still be made aware, through Password Reminder PRO's 'Inactive Users' report, of any stale user objects that have not participated in a logon event after that amount of time has lapsed.
We know that the "lastlogon" AD user field will not replicate across DCs, and will update only on the local DC that actually processed the user logon (so it can be different on all 5 DCs if you have 5 DCs across your enterprise).
To compensate for this, Password Reminder PRO's reporting function looks at both AD fields, compares the two dates, and then returns the most recent last logon date to the Reporting Console.
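The comparison described above, as an added example (not Password Reminder PRO's own code). It generalizes the two-field comparison to lastLogon values collected from every DC, and treats the value 0, which displays as 1/1/1601, as 'never logged on'; the function names, DC names and account values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME zero point

def filetime_to_datetime(value):
    """AD stores logon times as 100-ns ticks since 1601-01-01 UTC.
    0 (or an unset attribute) is what displays as 1/1/1601: never logged on."""
    if not value:
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed samples."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10

def effective_last_logon(last_logon_by_dc, last_logon_timestamp):
    """Most recent of every DC's lastLogon and the replicated lastLogonTimestamp."""
    values = list(last_logon_by_dc.values()) + [last_logon_timestamp]
    seen = [d for d in map(filetime_to_datetime, values) if d is not None]
    return max(seen) if seen else None

def ft(year, month, day):
    """Build a FILETIME for midnight UTC on the given date (sample data only)."""
    return datetime_to_filetime(datetime(year, month, day, tzinfo=timezone.utc))

# Constructed sample data: per-DC lastLogon values, then lastLogonTimestamp.
SAMPLE_USERS = {
    "user_a": ({"DC1": ft(2006, 11, 2), "DC2": 0, "DC3": ft(2007, 1, 5)}, ft(2006, 12, 28)),
    "user_b": ({"DC1": 0, "DC2": 0, "DC3": 0}, ft(2006, 12, 20)),
    "user_c": ({"DC1": 0, "DC2": 0, "DC3": 0}, 0),
}

def report(users):
    """Map each account to a display date or 'Never Logged On'."""
    out = {}
    for name, (by_dc, replicated) in users.items():
        when = effective_last_logon(by_dc, replicated)
        out[name] = when.strftime("%Y-%m-%d") if when else "Never Logged On"
    return out

if __name__ == "__main__":
    for name, shown in report(SAMPLE_USERS).items():
        print(f"{name}: {shown}")
```

For user_a, reading lastLogon from DC1 alone would report a date two months stale, and DC2 alone would report 'Never Logged On'; only the maximum across all sources gives the real last logon.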
As long as your users check their email somewhat regularly they will know exactly when their password will expire by receipt of the personalized reminder email.
We suggest setting your 1st reminder message day at 15 days before expiration, the 2nd at 7 days, and the final reminder at 1 day.