SysOp Tools Password Reminder PRO - Active Directory password expiration notice for Windows domains, OWA, Outlook and Exchange. Don't rely on PEWA or VB password expiration reminder scripts - Our tools are designed for helping with expiring password user account management / administration especially for VPN, OWA and RPC/HTTP users

Password Expiration email Reminder for windows domains without writing VB scripts. Send users a windows password expire notice alert and active directory password change reminder email.

Notify users of upcoming Windows Domain Password change and send reminder for Expired expiring domain Password. OWA users and RPC/HTTP users and traveling VPN users will appreciate the password change reminder notice emailed to them. Our Password Reminder PRO Windows domain password expiry notification tool is the best way to send windows password email reminders to all of your domain users- No need for writing or scripting password reminders with VB reminder scripts.
Email notification for expiring passwords and email notification for expired passwords in active directory, easily send email password expiration notifications to users including active directory password expire emails, Active Directory password expiry notification via email and windows password expire notice. Use our AD active directory password change reminder email software for all of your user accounts. Password Reminder PRO is one of the top Windows security tools and Windows tools, including Windows password tools available today. Sysop and Sysop Tools, sysoptools, Password Reminder Pro, and Password Reminder Professional are designed to send Windows Password expiration notices, Windows password reminders, increase windows password security, help with securing Active Directory. Remain in-line with SOX compliance, HIPAA compliance and more easily enforce your domain password change policy. Password Reminder PRO runs on windows server 2000, 2003, 2003 r2, windows xp, vista and will work with any mail system including Novell, exchange 2000 and 2003, exchange 2007, linux and others. Expired Windows password, Domain password management, password notice, password tools, Windows password tool, Windows password, and Active Directory password are all key words used to describe the uses and utility for Password Reminder PRO.
Password Reminder PRO - Windows security tools and password auditing software for Microsoft Windows Active Directory and sending notification of expiring windows domain passwords to OWA, RPC/HTTP, Outlook, Exchange and VPN users.

Try Password Reminder PRO now! Send active directory windows password reminder

SysOp Tools :: Help Pages :: Go back to Main Support Page & Tech Docs


	Password Reminder PRO v1 Software Installation and User Guide Updated May 23, 2007

If you are just getting started, you may also want to read:
Password Reminder PRO Advanced Settings Document :: Quick Install Guide :: How-To Guides and Whitepapers

Table of Contents:

1.0 – Introduction

1.1 - How Password Reminder PRO Works
1.2 - Installation Requirements

2.0 - Software Installation and Setup

2.1 - Specifying Service Credentials
2.2 - Inserting your License Key
2.3 - Choosing your Mail host Relay
2.4 - Initializing Email Templates
2.5 - Specifying an Administrative Email Address
2.6 - Generating a Test Email

3.0 - Software Use and General Overview

3.1 - Main Admin console

Editing Your Email Reminder Template and an Example of a Finished Email Reminder
Associating Your Domain's Password Policy with Password Reminder PRO - IMPORTANT STEP !
Set your Reply-To Name and Email Address for Templates
Specify Reminder Email Send Days and Service Check Time
Choosing your Email Templates Editor and Customizing the Reminder Emails
Changing Application Run Mode: Test Mode / Live Mode
Reporting Console View and Reporting Data Fields

3.2 - Test Console Application and QA Testing in Your Environment Before Going Live

3.3 - Client License Check Utility
3.4 - Daily Administrative Password Reminder Email Summary Report
- .
3.5 - List of Dynamic Data Field Variables Used in the Email Reminders and How to Use

3.6 - New Version 1.3 Advanced Settings Overview - Audit Mailbox, Extended Reporting Data, Setting Email Mime Type, etc

4.0 - Troubleshooting

4.1 – Common Issues, Work Arounds and Reported Bugs
4.2 – Upgrading From Beta Version 1.1 to 1.2 - How to Upgrade

1.0 - Introduction:

Password Reminder PRO is an administrative reporting and alerting tool for Active Directory, designed to proactively alert domain users of expiring domain account passwords through a common communication medium- Email.
Quick Facts:
Easily bulk-view status of all Active Directory user accounts across the domain in an easy to use central reporting console, without having to log on to domain controllers or open MMC’s.
Professionally inform users of when their passwords will expire and what actions to take, using fully customizable html and text compatible email templates.
Reminder feature runs as a .Net service and performs the reminder functions for you automatically at your desired intervals. We’ve found that using Password Reminder PRO in a domain environment that enforces password change policies can reduce password-related help desk calls up to 80%.
Easy to use- Simply requires an existing Windows Active directory domain infrastructure and any standard SMTP mail server. Cross-platform compatible- Works with just about any mail system as long as your internal system can send to it- Exchange 2000/2003/2007, GroupWise, Q-Mail, PostFix, Gmail, etc..
Password Reminder PRO is designed to work with Windows 2000 / 2003 R1 & R2, mixed or native-mode domains.

1.1 - How Password Reminder PRO Works
Password Reminder PRO monitors your Active Directory domain user accounts across the enterprise, and sends a professional and personalized notification to users via email to remind them their domain password expiration date is approaching.
Using the Password Reminder PRO admin console you have ability to set number of days in advance that the user should receive a reminder notice, specify multiple notification intervals (for example, 1st notice at 10 days before expire, 2nd at 3 days, final notice at 1 day), and customize the message for all three reminders individually. There is no configuring of user email accounts or domain structures required; Password Reminder PRO figures all of this out for you as long as you run it in the LDAP domain which holds your mail-enabled user accounts, and you have a domain password change policy correctly established.
Non mail-enabled accounts, accounts without a password set and accounts that are set to not expire will not receive a reminder notice.
Password Reminder PRO also provides a real-time reporting console that shows status of all user account objects across the domain, allowing at-a-glance review of expiring user accounts, accounts that are set to not expire or do not require a password, system accounts, accounts that have never logged on, and accounts that have been inactive for an extended period. Invaluable for quickly assessing all accounts and determining if problems exist. All of the reporting console results are exportable in Excel format and data sets are neatly organized in tabs.
Overall, Passwrod Reminder PRO is a fabulous tool to have in place to help meet your Sarbanes-Oxley / PCI / HIPPA goals for internal security and auditing.

1.2 - Installation and Use Requirements
Installation and use of Password Reminder PRO requires the following:
- Software can be run under Microsoft Windows 2000, XP, Server 2000 or Server 2003
- Reporting Console data export feature requires Excel 2003 or later, or other xml-compatible spreadsheet program
- Microsoft Windows Active Directory 2000 or 2003 Domain Containing User Account Objects
- Microsoft .NET Framework v1.1 and SP1 Must Be Installed Prior to Running Password Reminder PRO
- Available internal SMTP Mail Host or Relay (Microsoft Exchange, Q-Mail, GroupWise, etc.)
- AD User Accounts That Have Functioning Email Addresses Attached (For use of Reminder Feature)
- Domain User Account Password Expiration Policy at the Domain Root Level (For use of Reminder Feature)
- Admin and Test Consoles are Run Under Context of Logged On User With At Least Read Access to AD and LDAP
- Reminder Service Must be Run Under a Domain\User Service Account That Has Access to AD and LDAP
- Valid Password Reminder PRO License Key for your specific Active Directory domain that hosts your user accounts
- Min Hardware for Less Than 5000 User Objects in Domain: 1gb installed RAM, min P4 1.5ghz CPU
- Min Hardware for More Than 5000 User Objects in Domain: 2gb installed RAM, min dual P4 2.0ghz CPU
- **Microsoft IIS and SMTP services are NOT REQUIRED to run Password Reminder PRO on a computer!
- **For domains with a Large Number of User Objects (5k or more) We Recommend Running Password Reminder PRO on a Dedicated Server or Workstation.

2.0 - Software Installation and Setup

Log on to the server or workstation that will host the Password Reminder PRO Admin console and Service. You must use an account that has local computer admin privileges. Run the installer, follow the prompts, click Finish to exit the installer. Next we’ll set up the newly installed Password Reminder PRO service permissions.

2.1 - Specifying Service Credentials
Click START>RUN and type services.msc, click OK. The Services window opens.

Scroll down list to the Password Reminder PRO Service, double-click to open the service properties
Make sure the service is set to ‘Started’ and ‘Automatic’
Click on the Log On tab and change the type from ‘Local System’ to ‘This Account’

Specify a domain account that has rights to read from your Domain Controllers’ AD and LDAP. If you are not sure, use an account that is part of the Domain Administrators AD group. Make sure the account has been granted domain rights to ‘Log on as a Service’
Specify the password for this account, click ‘Apply’, click ‘OK’, restart the service to bind new credentials. Verify the service is running and close the Services window.
Installation is now finished- Let’s move on to the fun stuff

2.2 - Inserting your License Key
Password Reminder PRO will not function without a valid license key generated specifically for your LDAP domain name that holds your user acount objects (domain.com or users.foo.com). You should have received a license key to use with your software, either via email (purchased key) or from your secure login page (trial key). If you do not have a product license key or need additional keys for sub-domains or other domains, contact Sales immediately through the http://www.sysoptools.com/about.html page.

Launch Password Reminder PRO admin GUI from the Start Menu program group (SysOp Tools > Password Reminder PRO).
At the top of the admin screen click File > Register and you will see a box pop up to insert your key- Copy your Password Reminder PRO key string from your email or personal site login page and paste it here. Click Save. Exit Password Reminder PRO, and re-launch to update the key within the application.

2.3 - Choosing your Mail host Relay
Password Reminder PRO requires use of a mail host relay in order to send the customized email reminders to your mail server. Unless you specify a valid mail host relay, the program will continue to prompt you for one.
The machine which hosts the Password Reminder PRO service has it’s own SMTP sender built-in, and establishes a direct port 25 connection to your relay or mail server. Make sure that the machine that is hosting the Password Reminder PRO service can communicate to your mail relay or mail server.

Open the Password Reminder PRO admin GUI
In the SMTP Relay box type the IP or FQDN of your mail server or relay that will be accepting port 25 connections. Example, smtp.yourdomain.com). As soon as you click out of this box, Password Reminder PRO will query the server to make sure it can establish a connection. During this check period, the admin screen will be non-responsive. Please wait until the check finishes, should be about 30 seconds max.
If Password Reminder PRO was unable to communicate with the mail relay or mail server, an error dialogue will appear. Please check the name of your relay server or check that port 25 is not blocked.

2.4 - Initializing Email Templates
Password Reminder PRO generates three separate email templates for you to use, and you can specify up to three different reminder days for alerting your users. Example, you can set the first expiration email reminder to go out at 10 days before a user’s password expires, then have a second one sent at 3 days prior, and finally, if they still have not changed their password, a final urgent notice sent at 1 day prior to expiration. Each of the three email reminders can be worded differently. If a user has changed their password after receiving the first notice, they will not receive additional notices until the next password change interval.
Open the Password Reminder PRO admin screen.
Under ‘First Message (Days)’ click ‘Preview’ – A web page opens and shows you the generic template. The 1st email reminder has now been initialized.
Close the web page and do the same for the Second Message (Days) and Last Message (Days) reminder email templates.
You have now generated all three of your user reminder emails, and they are ready to go! Easy huh?

If you look in the \Program Files\SysOp Tools\Password Reminder PRO\ directory you will see three new files, template1.html, template2.html, and template3.html. These are your email reminder template files, and are ready to use without further modification- Or you may open them in your favorite HTML editor (Don't use Frontpage!) and make as informative as you wish.
The recipient user name and number of expiration days remaining in the email message (between the |!| symbols) will be filled in with the correct information dynamically by Password Reminder PRO, making each received email 'personalized' for each user. We’ll test this out next.

2.5 – Setting up Administrative Email Address
In order to test out the reminder notice functionality and receive the Daily Admin Summary email of sent user password expiration notices, you will need to enter a friendly email alias name and valid admin email address in the Password Reminder PRO admin console settings.

Open Password Reminder PRO.
Type a friendly alias in the ‘Admin Mailbox Name’ box and a valid internal email address in the 'Admin Mailbox Address’ box. For example, Mail Administrator and mailadmin@yourdomain.com.
Click ‘Save Changes’
Password Reminder PRO will send a daily report summary of users who received an expiring password notice for review.
Go to section
When running Password Reminder PRO in Test Mode, generated reminder notice emails will go only to this Admin address and not to users!.
NOTE: To use the advanced "Audit Mailbox" feature please jump down to the Advanced Settings section.

2.6 - Generating a Test Email
Make sure you have successfully completed all of Section 2 above and read section 3.1 before proceeding.
The built-in test / QA functionality of Password Reminder PRO allows you to test functionality and verify that communications are set properly between the Password Reminder PRO software and your mail server. This will also allow you to see beforehand what the alert emails will look like to your end-users before going live, and allow you to review any customizations you've made to the email reminder templates. By default, Password Reminder PRO is set to Test Mode upon installation.

Method 1: Service Interval Testing
Open the Password Reminder PRO admin GUI
Make sure Run Mode selector at bottom of GUI is set to Test (default)
Select your 1st, 2nd and Last Message (Days)
Set the field PWExpire (Days) to the same number of days as your AD domain password change policy. (e.g., 45, 60, 90, etc)
Select the hour of day when Password Reminder PRO should perform an AD check and send email alerts (0-23, 0 = midnight)
Click ‘Save Changes’
When Password Reminder PRO runs at the specified hour, the alert emails will be sent to the administrative email address specified in section 2.5

Method 2: Real-Time Testing
Open the Password Reminder PRO admin GUI
Under Run Mode selector, select the Test Console option
A CMD window appears with the Test Console set to Test mode
At the prompt, type ‘s’, hit enter – A real-time check is performed and alert emails are sent to the administrative email address
This is the preferred method for testing edits to your email reminder templates prior to launching them live
Note: See section 3.2 for further details, commands list and instructions on using the Test Console for QA in your environment.

3.0 - Software Use and General Overview

3.1 - Main Admin console
Use
The Password Reminder PRO Admin Console is the functional center of the software. Here, you can set your email Reminder notification parameters, specify your mail host relay, administrative email address (for receiveing daily summary reports), and create / edit your email reminder templates. You can also use the 'Mode' drop down to select between 'Test' mode for QA / testing in your domain environment without distrubing your users, or 'Live' mode when you are ready for production use.

Note: Password Reminder PRO has it's own email send functionality built in- Microsoft IIS and SMTP services are not required.
Note: The admin console and reports are run under the security context of the logged on user. The logged on user must have access to read AD and LDAP, preferably a Domain Admin account.

Admin Mailbox Name: This the friendly name of the 'From' field that will be seen by users who recieve a password expiration reminder email.

Admin Mailbox Address: This is the reply-to address that will be seen by users who receive a password reminder email, and is the address that Password Reminder PRO auto-sends the daily admin report summary of email reminders that were generated on that day's run. Also, when Password Reminder PRO is run in Test mode, all individual user email reminders are sent to this email address instead of to the user. When using the advanced "Audit Mailbox" setting, the Admin Mailbox address is only used as the Reply To for users who receive a password expiration reminder. The Daily Admin Summary goes to the Audit Mailbox. See Advanced Settings section for use of the Audit Mailbox.

User Reports: click this to launch the Reporting Console to audit all user accounts. Very handy to help you keep your AD clean!

Modify: Use this button to set the application path to your favorite HTML editor program. This is used to edit your HTML email reminder templates.

First, Second and Last Message (Days) settings: Lets you set up to three email reminders for users. Each reminder can be different than the others, for instance the Last reminder message can convey a more urgent reminder message than the First or Second. Click 'Edit' to open the HTML template in your chosen editor, and after saving changes click 'Preview' to view the edited reminder in IE.

PW Expiration (Days): Should be set to EXACTLY the same number as your master domain password expiration policy. For example, if your Active Directory domain policy is set to expire user account passwords at 60 days, set this value to 60. If this field does not match your AD password change policy settings, you will get incorrect results from Password Reminder PRO.

Hour To Check: Is the time that Password Reminder PRO should look through Active Directory and send password reminders to users with an expiring passwrod, that fall on one of the Message (Days) settings. You may set this from '0' (12am) to '23' (11pm)

Run Mode: Used to set the functional mode of Password Reminder PRO, and to launch the Test Console. Set in Test mode, you will have a full test / QA environment in which to test / review the software operation in your live environment and send email reminders generated without disturbing your users. In Test mode, all generated password reminder emails are sent to the administrative mailbox only! So, you can configure everything, leave in Test mode, and let Password Reminder PRO run for a few days and receive the daily reminders as your users would see them, along with the daily admin summary report. This mode is also very handy for spot-editing and updating of the email reminder templates, and checking how they will look before flipping back to Live mode.

Editing Templates
Do NOT use MS Word or MS Front Page for editing the templates!
These applications will insert xml markup into the template and break it.
Use an industry-standard HTML editor such as DreamWeaver or GoLive - Or the awesome and free Notepad++.

Click the ‘Modify’ button to choose an editor for modifying the html template email reminder files, then click ‘Save Changes’
Go to the ‘First Message (Days)’ area and click Edit. Your template opens in your chosen editor. If you do not choose and save an editor, you will be prompted each time to select a program to run. DO NOT USE MS WORD or FRONT PAGE!

You can easily modify the contents to fit your needs and organization. Do not change any of the fields between the |!| characters, these are dynamic fields and are auto-populated by Password Reminder PRO. When you are done making changes save and close it, click ‘Preview’ to check layout, then using the Test Console fire off a test email to see the end result. The test email will go to the email address specified in the Admin Mailbox Address setting of the main console and will not disturb your users.

In the example above, the field |!| Full Name |!| displays the user's full name as entered in their Active Directory account and the field |!| PWDays |!| states the number of days remaining. The |!| characters do not show up in the live message.
Repeat this process for the other two Message (Days) templates, you can create up to three individually-tailored messages.
Tip: Templates are located in the \Program Files\SysOp Tools\ Password Reminder PRO\ directory. After you make your edits to all templates and are satisfied with the results, save a copy of them to another folder on your PC for backup.

Below is an example of a customized and finished email reminder notice- This is what the user will see in their mailbox:
Finished Example of a Customized Email Reminder

Specifying your Domain Password Age
In the "PW Expiration (Days)" field setting of the main console (3.1), type in the number of days that is equal to your master domain policy’s password expiration time. For example, you may have specified that passwords for your domain users must be changed every 60 days. Type 60 in this field.
NOTE: This setting in PW Expiration (Days) Should be set to EXACTLY the same number as your AD master domain password expiration policy setting. If this field does not match your AD password policy settings, you will get incorrect results from Password Reminder PRO.

There is no provision for changing the domain that Password Reminder PRO queries for User accounts. The domain is set at the time of purchase and is locked to your license key. Under the licensing box in the main Password Reminder PRO admin GUI, it will show which domain is currently licensed for use.
If you have issues or have incorrectly specified the domain, contact SysOp Tools sales dept.

Specifying your Reply-To Name and Email Address for Templates
Your Users may wish to respond to a received reminder notice. The alias and email address specified in the ‘Admin Mailbox Name’ and ‘Admin Mailbox Address’ fields will be used as the reply-to for reminder notices, and will be the destination for the Daily Admin Summary email. If you use the Audit Mailbox feature introduced in version 1.3, you can use the Admin Mailbox address as the Reply-To for users and have the Daily Admin Summary sent to the Audit Mailbox Address. See Advanced Settings for use of the Audit Mailbox feature in version 1.3

Specifying Reminder Email Send Days and Service Check Time
Set the number of days in advance of user password expiration that reminder notices should be sent. You may send up to three individually-customized notices.
Set the hour of day that Password Reminder PRO should check Active Directory for expiring password accounts, and send a reminder notice to users. This check runs once per day. You can send an instant reminder to all users via the Test Console, explained in Section 3.2

Choosing your Email Templates Editor
Click the ‘Modify’ button to choose an editor for modifying the html template email reminder files, then click ‘Save Changes’
Anytime you click the ‘Edit’ button for one of the message template days, it will launch your chosen editor. If you do not choose an editor and save this setting, you will be prompted for a program to use each time you select 'Preview' of the templates.
Do NOT use MS Word or MS Front Page for editing the templates!
These applications will insert MS markup language into the template and break the reminder send function.
Use an industry-standard HTML editor such as DreamWeaver or GoLive- Our the awesome and free Notepad ++.

Changing Application Run Mode
Click the Run Mode drop-down list to change services mode
‘Test’ mode runs the service and sends all expiration reminder email alerts to the administrative email address specified in the ‘Admin Mailbox Address’ field
‘Live’ mode places the service into production. All expiration email reminders will be sent to mail-enabled users who meet the expiration reminder criteria set in the Admin console, and the summary admin report will be sent to the administrative email address.

Reports View
The Report Console is a powerful auditing tool that allows you on-the-fly access to view all of your AD user accounts and status, and allows you to export screen results directly to MS Excel. Using the Report Console regularly, you will be able to easily identify odd AD accounts or misconfigured AD accounts. The more you use the Report Console, the cleaner your AD will become!

Use
Click the ‘Reports’ button to launch the console, if you have a very large AD environment give it a few seconds to pull data from AD and display the results
The console is broken up into tabs which display user accounts based on specific criteria. The view below shows the Reports Overview and Export screen:

PRP Reports Overview and Export

Note: Only the users specified in the 'Licensed Users' tab of the Reporting console can receive an email reminder, these listed users will receive an expiring password email reminder once they hit one of the three 'Message (Days)' email trigger dates specified in the Admin console.
If you did not specify enough license count to cover all of your password-expiring users, the 'Unlicensed Users' report will show accounts that fall beyond your current coverage. Password Reminder PRO counts users in order of AD account creation date and only counts user objects as 'licenseable' if they are a normal user object set with an expiring password via domain policy. This way, you do not have to over-spend on licenses and needlessly cover disabled, expired, or non-expiring (service) user accounts.

Exporting View Window Results
1. You may copy the individual report window results by pressing SHIFT+A to select all, and then CTRL+C to copy.
Paste into the spreadsheet or document editing program of your choice.

2. For a more professional result simply click the 'Export to Spreadsheet' button on the Export/Info tab- This will export the contents of all report windows into one organized spreadsheet, complete with tabbed data sheets, columns and column titles (Excel 2003 / 2007 only).

3.2 - Test Console Application

Use
The Test Console is a handy tool and is the "QA / Testing" environment that will help you set up and test Password Preminder PRO's email reminder functionality within your production domain environment before going live.
By default, the Test Console is run in "Test" mode (as indicated by the word "Test" next to the command prompt).
In this mode, you can perform a real-live password email reminder run against all of your user accounts, but your users will not receive the emails. The reminder emails will all be sent to the admin mailbox address that you specified in the main program admin console (section 3.1), and you can easily see what your users will recieve. You will NOT get an email for every user in your domain, only for certain users that are expiring and meet the reminder criteria set in the Admin console!

Test Console Commands List and Generating Test Reminders
Using the commands below, you can perform reminder email test runs on one user account at a time, or all user accounts. This will allow you to see what your user will see without disturbing the user, complete with that user's name and # of expiration days remaining automatically filled in on each email! You can use this test method to check for typos in your customized reminder templates.
Additionally, at the end of every test run you will receive an 'Admin Daily Summary Report' email which shows you exactly what Password Reminder PRO generated and sent out to your users. This report is what you will receive daily once you are running Password Reminder PRO in Live mode.
You may also use the Test Console in 'Live' mode to perform a manual production email reminder run to your users, at any time.

Remember, Password Reminder PRO only generates an email for users it finds which have a password that is about to expire (Expiring Users tab in the reporting console), falls on one of the numbered "Message (Days)" that you specified in the Admin console to send a reminder, and is covered by a valid client license (Licensed Users tab). For example, if you set Password Reminder PRO to send the 1st email reminder at 14 days from expiration, the 2nd reminder at 7 days, and the last reminder at 1 day, only the users who are expiring at exactly 14 days from expiration, 7 days and 1 day will receive an email reminder.
Keep in mind that If you have a license key for 100 users, and actually have 110 users, the last 10 users (in order of AD account creation date) will not receive an email reminder until you expand your license coverage. The 'Unlicensed Users' tab in the Reporting console will show you accounts that might need coverage, and our sales team can help you adjust your license count as neccesary.

Note: Only the users specified in the 'Licensed Users' tab of the Reporting console can receive an email reminder, and will receive an expiring password email reminder once they hit one of the three 'Reminder Days' email trigger dates specified in the Admin console. If you did not specify enough license count to cover all of your password policied, mail-enabled users, the 'Unlicensed Users' report will show accounts that fall beyond your current coverage. Password Reminder PRO counts users in order of AD account creation date.

3.3 - Client License Check Utility

This handy utility allows you to determine the appropriate number of client licenses to purchase for your envoronment. You do not want to under-license or excessively over-license.
Only user accounts that have an expiring password set via domain policy require a license "Licensable Users", which is what this utility looks for in your Active Directory.
Disabled accounts, non-expiring accounts, accounts without a pasword set and system$ accounts do not require a license.
For example, if you have 300 user account objects in AD (including service accounts, disabled accounts, system accounts, etc.) and only 250 of them are user accounts with an expiring password set, you will only need 250 licenses.
Note: Should your organization grow, you can purchase additional 25-client license packs by contacting SysOp Sales.
Note: If your licenseable user count is over 2500, you would receive an 'unlimited' license.

Use
To run the client license check, launch the tool from the Password Reminder PRO program group or download the tool from our site, then run from your computer.
Enter in the domain name that contains your user accounts, then click the 'Check License Count' button.
You must run this utility from a computer that is part of and connected to the domain that contains your password-expiring user accounts.

Results View:

3.4 - Daily Password Reminder Email Admin Summary Report

Use
When Password Reminder PRO sends out its round of daily password expiration reminders to users, at the finish of its run it also generates a summary report of all user reminder notices sent out for the day. This email summary report is sent to the administrator address that is specified in the Password Reminder PRO admin console.
This report is a very powerful feature of Password Reminder PRO, as it allows the sys admin or help desk to quickly audit expiring accounts, and identify accounts that may present an issue within your secured environment.

Click the image to have a look at an example report and learn more:

3.5 - Using Other Dynamic Data Fields in the Email Reminder Templates

Use:
In addition to the default dynamic data fields |!|PWDays|!| and |!|FullName|!| included in Password Reminder PRO's email templates, there are other dynamic fields you can use in order to help further customize the reminder messages to your specific needs. The table below lists all currently avialable fields and cooresponding LDAP data that is queried.

Email Template Dynamic Field	LDAP Data Field Used	Example Result

\|!\|FullName\|!\|	CN	Stevie Wonder
\|!\|FirstName\|!\|	givenName	Stevie
\|!\|LastName\|!\|	SN	Wonder
\|!\|PWDays\|!\|	n/a - calculated value + text	in 3 Days (or) in 1 Day
\|!\|PWDayCount\|!\|	n/a - calculated value only	3

Note: \|!\|PWDays\|!\| adds text before and after the calculated number. Example - “in xx Days” or "in x Day" \|!\|PWDayCount\|!\| = Shows the number value only without added text.
The easiest way to view referenced LDAP data fields for user accounts is to use our free AD Query utility.

3.6 - Password Reminder PRO v1.3 Advanced Features and Settings
Password Reminder PRO version 1.3 has introduced several new features. For a complete overview and list of advanced feature settings please download the PRP v1.3 Advanced Features and Settings document from our Support Page

Audit Mailbox: Version 1.3 adds support for a second administrative mailbox called the "Audit Mailbox". Once you enable this feature, the Admin Mailbox address is used as the reply-to address for password expiration reminders only. The Daily Admin Summary Report and other alerts will be sent to the Audit Mailbox address. This is useful for companies who wish to have user replies to the sent password expiration emails sent to a Help Desk or support mailbox, while having the Daily Admin Summary sent to the system administrator. This feature is activated by populating the Audit Mailbox registry setting field with a valid email address. If this field is left blank, the feature is disabled and only the Admin Mailbox address is used.

Send password expiration reminders as text: You have an option now to change the mime-type and format of the sent email reminders from HTML to as text-only. This is useful for government agencies or other secure organizations which do not support HTML email. The default HTML password expiration reminder emails may be converted to text and formatted using notepad, then re-saving as .txt. You must then change text file extension of .txt to the same name and .html extension or it will not function properly.

Text Conversion Example: Edit reminder1.html > save as reminder1.txt > rename reminder1.txt to reminder1.html
Note: The email default reminder template files are located in c:\program files\sysop tools\password reminder pro\

Changing the mime-type in Password Reminder PRO to text is as simple as changing the appropriate setting outlined in the Advanced Features and Settings document. The default setting for password expiration reminder emails is HTML. All email sending and formatting is 100% RFC compliant and dynamic data (user's name, etc) is inserted into both text and HTML emails.

Display more data about your users in the User Reports console: We've extended the User Reports console to show more data about your user objects. If you make use of the City field and the Department field in each AD user object's properites, this data is displayed in the User Reports console and the Daily Admin Summary. Aditionally, the full OU path is displayed for each user object in the User Reports console.
Misc Users tab view in the User Reports console now displayes the user object's password last set date, which is helpful for determining when the last time a service or system accounts password was last updated. Additionally, for companies that have not yet implemented a change-password policy, you may use this view to determine the password last set date of all your user objects and plan deployment of your domain password change policy in the least disruptive manner. Password Reminder PRO is now able to be used as a powerful pre-planning tool, saving administrators time and frustration with deploying a change password policy in an exisiting domain.

Optimized for large domain infrastructures: Password Reminder PRO's engine has been revised and performance-optimized, and is able to support use in extremely large active directories. Have 20k password-expiring user objects or more? No problem! Password Reminder PRO handles this with ease and will not over-burden your server or mail system.

Behind the scenes support for future plug-ins: Password Reminder PRO's core has been extended to plug-in with future product releases rom SysOp Tools. for example, we'll be releasing an external self service password-change and reset portal and an updated version of AD Query. Both of these new applications will integrate with Password Reminder PRO and allow for integrated reporting / alerting. For more information about our exciting upcoming product releases and how you can get on the beta testers list, contact our Support Team.

Support for all mail systems and clients: Password Reminder PRO functions well with Exchange 2000, 2003 and 2007, and now adds support for use through all other mail systems and clients. Using Notes, Qmail, Postfix, Domino, etc. as your amil system? No problem! As long as you have a functional Active Directory and an implemented domain change-password policy, Password Reminder PRO can send password expiration reminders to everyone.

Support for Office 2003 / 2007: The User Reports data is completely exportable to Excel 2003 or 2007, and results are neatly organized in tabbed sheets. Getting a handle on your AD user objects no matter how many you have has never been easier!

4.0 - Troubleshooting

4.1 - Common Issues FAQ (Updated regularly - Check back often - Last updated May 23, 2007)

1. My Mail Server Has Anti-Spam and / or Firewall Software on it. Should I Run Password Reminder PRO through it?
No!! Please always connect Password Reminder PRO's mail relay setting directly to your mail server un-filtered. Password Reminder PRO should always be treated as an internal resource application, and there is no need to filter the reminder emails through anti-spam software that is meant for external email. Doing so is not recommended or supported and will cause unpredictable results, or reminder function may fail completely. For example, if you are running NetIQ MailMarshall on Exchange, you more than likely have it set to use port 25. Contact support for instructions on how to connect our software to a different SMTP port number. You will need to connect Password Reminder PRO directly (not through MailMarshall or any other filtering software) on the different port number specified on Exchange for direct SMTP communication.

2. My Mail Relay / Server Uses a Non-Standard SMTP Port, Can I Still Use Password Reminder PRO?
Yes! If you must run mail relay connectivity on a non-standard SMTP port, for instance, to avoid running Password Reminder PRO through firewall or filtering software installed on Exchange, contact our Support Team for instructions.

3. Where Should I Install Password Reminder PRO Within my Domain?
Password Reminder PRO can be installed and run on any XP or 2000 workstation, or any 2000, 2003 or 2003R2 server that has .NET 1.1 installed and is a member of the domain which your license key was created for (example.com or internal.example.com). Your installation must be on a computer that has LDAP and AD connectivity to your primary DC- In a 2003 native environment that will be your Operations Master, in a 2000 or 2000/2003 mixed environment this will be your PDC Emulator. Your installation must also be able to successfully connect to your internal mail relay or mail host.
In single-site domain architectures (all DCs that users authenticate to are located within one office) this is easy. In multi-site architectures with groups of users authenticating to DCs physically local to their respective branch offices, please be sure to install on a computer that can directly communicate with your Operations Master DC (2003 native) or PDC Emulator (2000 or 2000/2003 mixed) in order to get the most out accurate data possible from Password Reminder PRO's reporting module.

Make sure you install Password Reminder PRO in the specific LDAP domain or sub-domain which contains your user objects, and ensure that your generated key was created for this domain. Your key will function only in the LDAP domain or sub-domain it was created for.

4. I Only Want to Use Password Reminder PRO on Certain User OUs and Not Others. Can I do This With Your Software?:
Password Reminder PRO works in conjunction with your Active Directory domain password change policy, which is set in the master domain policy at the root of the domain. Our software is not able to apply reminder notifications by specific OU while ignoring other OUs. Our tool is designed to be compliant according to internal security best-practices and meet SOX, PCI and HIPAA compliance standards. When possible, any and all implemented user security policies (such as requiring routine domain password changes) and user support tools should be applied uniformly, without exception.
The only work-around that we can suggest for 'selecting' groups of users with our software is to set some of your users to have an expiring password while leaving the other users' passwords set to 'never expire'. While not recommended, our software will only look for and notify the expiring password users.
We realize some of you will look at our tool initially to only support your remote OWA or RPC/HTTP users, however you will find extreme value in using Password Reminder PRO to support all of your users both internally and externally. How about the traveling executives with laptops, connecting via SSL VPN to Outlook remotely or using RPC/HTTP? Users who never log off of their workstations for weeks at a time? Password Reminder PRO will benefit all of your password-expiring users and help ease the support burden of implementing and enforcing an enterprise-wide change password policy, and will make your support department look good!

5. Notification Email Does not Send or Arrive in User Mailbox or Test Mailbox:
(a) Make sure you have specified the correct FQDN of a mail relay that is able to send email to your mail server
(b) Make sure the computer that you are running Password Reminder PRO on has port 25 connectivity to your mail relay, and LDAP connectivity to your Ops Master DC or PDC Emulator.
(c) To test mail relay and LDAP connectivity: Run the Test Console application and enter 'D' to perform a diagnostic run that checks communication with your mail relay and your active directory. The test output is visual and will assist in finding the problem.
(d) If running Password Reminder PRO from a workstation, make sure you do not have XP Firewall turned on or any other programs that could block LDAP port communication to your DC.
(e) Make sure you are running the Password Reminder PRO service account with domain credentials that have read access to AD and LDAP. By default it is installed as running under 'Local System', you must change this or it will not send out email reminders.
(f) Make sure you have specified the correct "PWExpire (Days)" setting in the Admin console to match your AD domain password change policy setting. For example, if your AD domain policy is 'change password every 60 days', set the PWExpire (Days) field to 60. If this value does not match between Passworkd Reminder PRO and your domain policy you will not receive proper results.

6. Test Console Returns no Results After Initiating a Send Test - I Only Get a Blank Flashing Cursor:
If you are running Password Reminder PRO in a domain that only contains non-password enabled user accounts , the Test Console cursor does not return a Send result and remains blank. This means one of three things:
(a) There is nothing for the software to process as it cannot find any password-expiring user accounts to query. Please make sure that you have implemented a domain password change policy in your active directory, have marked at least some of your user accounts as requiring a password that expires, and have entered the proper settings into the Password Reminder PRO admin console before testing the email reminder function.
(b) You are having connectivity issues to LDAP or the mail relay. Run the Test Console in debug mode by entering "D" and enter. you will see a visual printout of what the software is doing and it should identify any communication errors. Send this output to our support team for review.
(c) you are connecting Password Reminder PRO to a mail relay or server that is running anti-spam or mail firewall software. Please do not run Password Reminder PRO through mail filtering software, always direct-connect it to your mail server.

7. Password Reminder PRO Admin Console Does Not Show the Correct License Count and Domain, or License Count is Null:
(a) Make sure you have pasted the complete license key and then clicked 'save', then closed / re-opened the software
(b) Make sure you are running Password Reminder PRO in the same LDAP domain (domain.com) that you specified when you purchased your license key or signed up for a trial license key. Your key is tied to the LDAP domain specified at time of trial registration or purchase and will function in this domain only. If you entered an incorrect domain at time of registration and are having issues please contact SysOp tech support.

8. Clicking Reports Button from Admin Console Generates Error 'Not Found':
Your software license key is tied to the LDAP domain (domain.com) specified at time of trial registration or purchase and will function in this domain only. Using in another domain will produce errors until you secure a license key for that specific domain, including sub-domains of the root domain. If you experience this issue please contact SysOp tech support as you may have entered the wrong domain name at time of registration, or may be using the software on a computer that is part of a different domain. We'll be happy to help you out.

9. Some User Accounts Do Not Show the Correct Last Logon Date, Show a Old Last Logon Date, or May Show an Odd Date in the Reporting Console like 1/16/01: (This issue is more prevalent with NT4 / 2000 domains due to AD Schema limitations)
In some cases, you will see a user's Last Logon date as 1/1/1601 or 2/3/1601 in the Reporting Console view, usually for user accounts that are accessed by OWA-only or RPC/HTTP Outlook users who have never directly logged on to a Windows domain workstation, usually because they have been assigned a temporary user password that has not been updated yet (change password on next login flag).
The date string of 1/1/1601 is 'never logged on' in AD-speak, and the date string of 2/3/1601 or 1/1/1601 means a temporary password has been set for the user but not used and updated to a permanent pasword. With respects to how Active Directory and inter-DC replication of last logon functions (2003 domains only), reported user last logon dates in the auditing / Reporting Console portion of Password Reminder PRO can potentially vary by up to 14 days with remote users.
This is why:
Per Microsoft, the "lastlogontimestamp" (2003 only) AD user field will replicate user logon data across DCs only every 14 days. Per Microsoft this is by design to avoid constant inter-DC replication traffic.
The "lastlogon" (legacy NT4/2000) AD user field does not replicate across DCs, and will update a recent user logon event only on the local DC that actually processed the user logon (so it can be different on all 5 DCs if you have 5 DCs across your NT4/2000 enterprise). What we do with Password Reminder PRO's reporting function to compensate for this is, we look at both AD fields, compare the two dates, and then return the most recent last logon date for the user to the Reporting Console.

Note: If you are not running 2003 domain with extended 2003 schema, you will NOT have the replicating 'LastLogonTimestamp' schema field and will not be able to report the most accurate data in a geographically-dispersed DC architecture.

Note: Password Reminder PRO's 'Inactive Users' report screen looks specifically for user accounts that have not logged on for 30 days or more, ensuring that these results will always be accurate and not hindered by the potential 14-day variance (2003). If you notice logon date discrepancy in the other Reporting Console screens, this is a direct result of the 14-day replication delay within AD and between DC's in 2003. In an NT4 / 2000 domain you will need to run Password Reminder PRO in the same subnet as your PDC / Emulator for the most accurate data, but you may not see recent user logon dates that were validated on remote DCs. This is about as accurate as anyone (including Microsoft) can get at this time.

Note: The above issue does not affect the email reminder function of Password Reminder PRO in any way, which uses different data from AD and is spot-on accurate for NT4 / 2000 / 2003 / R2. This tech note applies only to the data shown in the audit / Reporting Console.

10. Users Do Not Receive the Reminder Emails, but Password Reminder PRO Sent Them:
You may have a permissions or relay restriction on your mail server, or Password Reminder PRO is unable to send protocol traffic to your mail host relay.
1. Check your mail server logs / queues and see if it has received mail traffic from the computer running Password Reminder PRO. Check if there are any error logs on the mail server for this mail traffic, or 'relay denied' log messages.
2. On the computer running Password Reminder PRO, open a command prompt and telnet to your mail relay or mail server on port 25. Initiate an SMTP Send from the computer to your mail server, and check that the mail was successfully received in your user's inbox. How to send SMTP emails from a command prompt via Telnet: http://exchange.mvps.org/smtp_frames.htm
3. Check that your users are on the same domain that Password Reminder PRO is installed in. If your email users reside on a sub-domain, you must re-license Password Reminder PRO for that sub-domain and run from there. Contact SysOp Support if this is the case.

11. Does the Admin Console GUI Need to Remain Open to Run Password Reminder PRO in Automatic Mode?
No. The Admin Console is only for setting configurations and accessing the Reporting Console. Password Reminder PRO runs as a service and is fully automated.

12. I Input my License Key and it is Not Showing Correct Status in the Admin Console:
After applying your license key, please click 'Save' and then close / re-open the Admin Console to activate the key.

13. I See Discrepancies Between the Last Logon / Logoff Time Reported in Exchange Mailbox Store, and the Last Logon Time Reported by PRP Reporting Console - Can the Mailbox Access Date be Extracted to Tune the Accuracy of the Last Logon Date in Password Reminder PRO?:
The mailbox logon/logoff fields in Exchange referred to here are the PR_LAST_LOGON_TIME and PR_LAST_LOGOFF_TIME properties on the mailbox itself, which get updated when the user logs in to or out of the mailbox.
Seeing how these fields are in the Exchange information store only and not tied to AD, you'd have to use some interface (like DAV, MAPI etc) to access this data for each mailbox. This is not easy to script, compare to what AD says, and then report back valid results. For now it is just not feasible to incorporate the Exchange DB data into Password Reminder PRO.
With Exchange 2007, there is a built in function within the get-mailboxstatistics CMDlet, which we may be able to leverage for a future release as an optional configuration item: http://www.microsoft.com/technet/prodtechnol/exchange/e2k7help/cec76f70-941f-4bc9-b949-35dcc7671146.mspx?mfr=true

14. What is the benefit of Password Reminder PRO vs. all the free scripts that exist that does a similar reminder function?
I like reminder scripts, they are great and I have written and used them myself for years.
Not everyone has time or ability to script, or remembers to run a script manually. All of the free scripts require editing and tailoring to your environment followed by much testing / troubleshooting, and basic scripts are extremely limited in scope of functionality- Especially if you have a widely distributed or complex domain environment.
Our software is a completely finished and robust solution that can be easily deployed, QA tested, and turned live in production by any IT system administrator regardless of Active Directory skill level, and provides these additional feature advantages:

-Complete automation of user domain password expiration reminders "set it and forget it"
-Several layers of intelligence checking are performed against AD for the user password expiration dates
-Does not 'spam' users who have multiple email aliases or send reminders to system / service accts, expired password users, or administratively disabled accounts
-Ability to send independently worded, multiple follow-up email reminders if user forgets to change password after receipt of 1st reminder email
-Professional looking reminder emails are fully RFC822 compliant and easily customizable to your environment needs
-No scripting knowledge, tinkering with Active Directory or deploying of server agents involved
-Complete user account status reporting console built-in and daily admin summary email report of users who received reminders
-Supported software developed by Active Directory and Exchange experts.
-Verified to operate in all Microsoft domain and Exchange environments
-Verified to operate in multi-site domains with widely distributed DCs
-Built-in 'QA' mode allows full testing of email reminder functionality in any live environment without disturbing users, ever!
-For a complete overview of functionality please read through the support guide above Top

Our software is free to use completely full-featured for 60 days. Feel free to sign up and give it a try. Installation is quick and does not modify your existing infrastructure. We feel that once you try it, you will agree it is the best solution available.

15. In Password Reminder PRO, the SMTP Relay field is in focus and will not let me complete other setting fields, causing a delay in the operation of the software. It complains that my mail relay entry is "not a valid host".
The SMTP 'field focus lock’ is by design. We want to ensure you have SMTP connectivity to your mail relay before proceeding with the remaining setup of our software, and we definitely want you to contact us if there is a problem.

This delay and error prompt occurs when the computer that is running Password Reminder PRO cannot successfully strike up a SMTP protocol conversation with your mail relay or host. It does a port check and brief query, and if it fails you get the pop up error. To troubleshoot:
Open the Test Console in Test mode and type "D" to do a connectivity debug run. You will see errors or no response if Password Reminder PRO is unable to converse with your mail server.
Open a CMD prompt and telnet / connect to port 25 on the mail relay from the computer running Password Reminder PRO. If you can connect, type HELO and hit enter, you should get a HELO back and be able to send an email from the command line.
If you cannot connect, check your network firewall settings or any mail server firewall settings like McCaffee. In Exchange, make sure that any Exchange SMTP connection rules or firewall software is allowing connectivity from the IP of the computer running Password Reminder PRO. Password Reminder PRO should never be run though anti-spam or firewall software when possible.

16. Our Organization does not Support HTML Email. Can Password Reminder PRO Send Text-Only Reminders?
Presently, yes. We have a version available that adresses this specific need and upcoming v1.3 will officially support this. Contact our Support or Sales Team for further details.

17. My Reminder Emails do not Send in Live Mode, but I Receive Them in Test Mode. What is Wrong?
Please make sure that you have NOT edited the reminder templates with Word, FrontPage or SharePoint Designer. These editors will break the email templates and they will not send reliably. If this happens, please delete the three reminder templates and re-create new ones by clicking "Preview" for all three reminder days in the Password Reminder PRO console. Then use a standard HTML editor like Dreamweaver or the awesome and free Notepad ++.

18. Password Reminder PRO does not send email reminders through the automated service component, but sends email reminders OK manually through the Test Console.
There is probably firewall or AV software running that is preventing proper operation of the email reminder component.
In order to ensure McAfee or any other Enterprise AV software does not interfere with operation of Password Reminder PRO's components, you will need to add three executables to your McAfee VirusScan Enterprise (or other vendor) exclusion settings.
In McAfee there is a section called: Access Protection Policies > Prevent Mass mailing worms from sending mail >
Chose Edit and add the following:
PRPConsole.exe
PRPAdmin.exe
PRPService.exe
This will ensure that our software and the email reminder send function is not blocked by the McAfee engine.

19. I have an NT4/2000 domain and the Reporting Console data shows "######" for all my user's last logon dates. What is wrong?
In final release 1.2 we added forward-compatibility to the Reporting module for 2003 native and 2003R2 domains, which takes advantage of a new AD schema field to provide consistent data across geographically dispersed domain infrastructures.
This change in our software reduced backwards-compatibility for the NT4 schema fields, which is why this error is occurring - There is no data to be found since our software is looking for a schema field that does not exist in NT4/2000 mixed mode.
We’ve created new version 1.2.2587 release that addresses this issue while preserving forward-compatibility. If you are experiencing this problem please log in and download the latest build from the download link. To take full advantage of the Reporting capabilites in large organizations you will need to move up to a mixed 2000/2003 domain with extended 2003 schema at minimum.

20. If I have users in foo.bar and in more.foo.bar and the product is installed in foo.bar, will it be able to send password reminders to the child domains?
No. PRP works with the root domain password change policy set in AD for each domain or sub domain. PRP can only work with one root domain password change policy at a time since each domain and sub domain have their own root policy set.
You would therefore need to install one instance of PRP in each domain or sub domain that contains password-expiring user account objects that you would like to send expiring password reminders to, and you must have a valid license key for each domain / sub domain.
As far as licensing goes, if you have your users spread between the root domain foo.com and a couple of sub domains (east.foo.com and west.foo.com), we would only need to know the number of password expiring user accounts for each domain / sub domain, and we would issue you 1 license key for each of these three LDAP domains. You could set the daily admin summary email for all thee instances of PRP to be delivered to the same admin mailbox.
If you have multi-domain needs, contact our Sales Team.

21. If I have an empty root forest but have multiple populated child domains, do you install Password Reminder PRO in the root, or in each child domain?
One installation for each child domain that contains password-expiring user objects will be required, as well as a specific license key for each child domain. Password Reminder PRO must be installed in the specific LDAP domain (foo.com) or sub domain (users.foo.com) that contains your password expiring user account objects, and uses the domain password expiration policy for that specific child domain. If you need to test / use Password Reminder PRO in multiple domains or child domains, contact Sales for the additional keys.

22. I cannot open the exported Report Console data in Excel 2000, it is just blank. What is wrong?
The exported data structure contains xml markup and is not compatible with Office 2000. You must use an xml-compatible spreadsheet viewer such as Excel 2003 or 2007.

23. Reminders send from the Test Console manually but are not sending in Live Mode automatically at specified time.
With this question, we assume you are referring to the installed service component which sends out the reminders at the time specified in Password Reminder PRO settings (0-23), and the manual test-send method of using the DOS-box Test Console.

By default, Password Reminder PRO installs the automated sender service under ‘Local System’ account , which will not work to send out reminders in Live Mode automatically.
In order for the service component to function automatically, you must edit the Password Reminder PRO service to use a domain\user account for the service. The account used must have rights in your domain to ‘log on as a service’ and ‘log on as a batch job’.
If you have Password Reminder PRO installed on a DC, the account used to run the service must also have local admin rights on the DC.
In a default unmodified domain, any user account used to run services on a domain member server must be a member of the Domain Admin group.
If your domain is secured using modified policies in your default domain policy and /or your domain controller's default OU policy, you may need to use an account that is specified in the Security section of those policies to run the service – Specifically the settings for ‘log on as a service’ and ‘log on as a batch job’.

Checking the Password Reminder PRO Service settings:
Go to Start > Run and type services.msc
Go to Password Reminder PRO service
Open the properties and change from local system to the proper domain\user account to run the service. Restart the service to make the credential change take effect.

Refer to our quick-start setup guide and user help guide located on our http://www.sysoptools.com/support.html page.

24. How to generate more test data if you are not initially seeing reminder emails in Test Mode.
Edit the "PW Expiration (Days)" field to a number lower than your AD password expiration policy. For example, if your domain password change policy is 60 days, set this to 15 or 25. As you change this value, you will begin to catch users who's pawwords are expiring and will be sent a Test Mode reminder email to the admin mailbox.
After you change the "PW Expiration (Days)" number, click 'save changes', then open the Test Console and hit 'S' to see if you are getting results. Play around with this number value and you will eventually hit a bunch of users. Basically what you are doing is 'fooling' our software by giving it an incorrect expiration policy value.
NOTE: Make sure to set this to the correct value (i.e. 60 days if your AD policy is 60 days) before going live!

25. Multiple installation use of Password Reminder PRO.

(a) Install 1 instance of Password Reminder PRO to a domain member server as your production installation, set it, test it and leave it. This will be your 'production' install that will send out the daily reminders to users.
(b) Install 1 instance of Password Reminder PRO to a domain workstation (or more than one if neccessary). Disable the Password Reminder PRO service component, and use this installation only for accessing the User Reports. You may also use this installation to edit \ update your email templates, then test them manually through the Test Console. When you are done with your template edits, upload the edited .html reminder template files to your member server installation (\\servername\c$\program files\sysop tools\password reminder pro\).

26. User Reports or Test Console give the following error message: Could not Contact LDAP Server.

The reason you are receiving this error is one of three:
1. You may not have used the correct LDAP domain name when you created your trial license key.
2. You are running Password Reminder PRO on a computer that is not connected to the domain.
3. It is also possible that you did not paste the complete key string of the trial key into the key registration box.

The trial license key you created must match the Active Directory LDAP domain which holds your User objects.
Sometimes the internal LDAP domain is different than your email domain (user@domain.com), it may be something like internal.domain.local or users.domain.com or domain.net

You can check the correct domain name by opening the AD Users and Computers MMC and looking at the name of the root domain (or child domain) that holds your password-expiring User objects. This is the right domain name that the trial key should be created for.

If you need a trial key for a different domain name, contact our Support Team and let them know what the correct domain name is and approximate number of password-expiring users. Our Support Team will email you a new trial key and help you out.

27. I can send reminder emails with the Test Console, but the emails are not sending automatically at the specified time.

On the computer running Password Reminder PRO, open the Services MMC and look for the Password Reminder PRO service.
Open the properties for the service and go to the logon tab.
Input domain\user credentials for the ‘logon as’ setting. You must use a domain\user account that has Active Directory rights to run as a service in the domain, and has local admin rights on the computer running Password Reminder PRO. By default this domain account should be part of the AD Domain Admin group, if you have defined your security policy settings for the Domain Controller’s OU default policy, you must use an account that has been defined in this policy under the 'log on as a service' and 'log on as a batch job' sub-settings.
The Password Reminder PRO service reads your LDAP and AD settings from the local DC and handles the automated password expiration reminder functions. If this service is not operating correctly the automated reminders will not be sent out.
After inserting the proper domain\user credentials, you must restart the Service.
Test by placing Password Reminder PRO in Test Mode, set the ‘Hour to Check’ for the next upcoming hour, and click ‘Save Changes’. Look for the emails and Daily Admin Summary to come to the Admin Mailbox when the test runs.

28. Do I need to leave the Password Reminder PRO program open and running for it to work automatically?

No- Password Reminder PRO installs a service component that handles the automated sending of reminder emails to your users. The Password Reminder PRO GUI is only used for adjusting program settings and accessing features such as the Test Console and User Reports. You may safely close this after you are finished changing / saving settings and Password Reminder PRO will continue to run. You must be sure that you have set up the service account properly for your domain environment, please refer to the setup guides and user manuals located on our main Support page.

4.2 - Upgrade from Beta Version 1.1 to Version 1.2 - The Easy Way
Upgrading Password Reminder PRO from version 1.1 to 1.2 is fairly simple, just follow these steps after downloading v1.2:
1) Make backup copy of your email reminder templates (not neccessary but recommended if you have highly customized them)
2) Make note of the domain service account and password that you set up for the Password Reminder PRO service component
3) Navigate to Add/Remove programs and uninstall Password Reminder PRO version 1.1
4) After uninstall is complete, install new version 1.2 from the downloaded setup.exe file
5) Open the Windows services control panel and re-enter the domain account username and password for the Password Reminder PRO service component , restart service.
6) That's it! All of your other previous settings are imported from version 1.1 including reminder templates, settings and license
7) Place Password Reminder PRO in Test Mode and run a partial email send test from the Test Console to verify your settings.

Copyright © 2006 SysOp Tools, Inc. All rights reserved.
This publication is protected by copyright and all rights are reserved by SysOp Tools, Inc. It may not, in whole or part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent, in writing, from SysOp Tools, Inc. This publication supports Password Reminder PRO v1.x. It is possible that it may contain technical or typographical errors. SysOp Tools, Inc. provides this publication “as is,” without warranty of any kind, either expressed or implied.

SysOp Tools, Inc.
6550 West Olympic Blvd
Los angeles, CA 90048
www.sysoptools.com

Trademark Acknowledgements:
Password Reminder PRO, SysOp Tools and the SysOp Tools logo are either individual trademarks or trademarks of SysOp Tools, Inc. in the United States and/or other countries. The names of other companies and products mentioned herein may be the trademarks of their respective owners.

Copyright © 2006-2007, SysOp Tools. All rights reserved. Top | Privacy Statement | Terms of Use | Site Map

SysOp Tools, SysOp Tools Password Reminder, Password Reminder PRO, Password Reminder Professional, Smarter System Administration Starts Here, ObjectExplorer, ObjExplorer, AD Query, AD Query PRO, Speedy Query, and other marks indicated on our Web site and the logo forms of the foregoing marks, are trademarks and/or service marks of SysOp Tools, and may be registered in the United States or in other jurisdictions including internationally. All other trademarks not owned by SysOp Tools that appear on this website are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by SysOp Tools, its parent company or its subsidiaries.