How to tell if your users AD account password has expired

Like I said in a previous post we are dealing with the after math of a disaster so most of our Administrative tools are still offline until we get around to bringing back online. One of those tools was a real life saver and would email not only the admin team but the end users that their AD password was about to expire. So without that we are flying blind, which is not a big deal for the day to day management of our network.

Moving along I got a call the other day from one of my users who was working remote who said that he could not connect to email. So I asked him when was the last time he reset his password, which he said he did not know.

So I opened up my command line and ran the following command

net user %USERNAME% /domain

Replace %Username% with the username you want to query and it will return a ton of information about the user account including the date the password will expire. 

Scenario 001 – You have a remote user who says they are not able to connect to the VPN. Claims that their password may have expired.

So you come in Monday morning and you get a phone call from your Director of Sales who says he is unable to log into the VPN. He is on the road all week in Canada and is not able to have you remote in to see what is going on. He has 30 minutes to prep for a very important meeting and he left his powerpoint deck on his H: Drive. He also tells you that he thinks he saw a message telling him that he needed to reset his password for the last two weeks but he just forgot to do it.

How can you find out what  is going on with his account?
Since we are working with a Microsoft AD environment there are hundreds (if not thousands) of ways to find your answer. One of my favorite ways to see what is going on with a AD account is by using NET USER “Username” /DOMAIN
This command will give you every piece of information about the user account that you could want including:
  •  AD Group Memberships
  • Last time the Password was reset
  • When is the next time it can be reset.
Next time you have a chance to play with your AD Domain try familiarizing yourself with this Command as it may help you in the future. 

Windows Update error 0x80243004…..

While performing routine server maintenance on one of my terminal servers at work I received one of the many vague error messages that Microsoft in their (In)finite wisdom give us to help troubleshoot the problem. Normally I would just ignore the error message and come back to it at a later time but as I am in the middle of a tight window I figured I would give it a shot an troubleshoot it (Crazy I know).

So first I start by Google-ing “Error Code 80243004” and I get several hits. The first one I get takes me to a Microsoft article about the issue:

It was very short and to the point (which I appreciated greatly at 11 PM), but the answer I got really made me think that it was pulling my leg. Since it was a Microsoft article I took it seriously and followed it’s sage advice and amazingly it worked!!! (or so it seems at the time of me writing this)

Apparently the little notification that you get when you log in that tells you that you have updates to install is more than just an annoying little pop up. Without it being present your updates will fail (Unless you have it disabled in Group Policy). So from what I can tell, one of my users must have gotten tired of seeing that pop up and told the system to make it go away, and because of that I was unable to update the system until I brought it back.

Why would anyone make that little notification so important? I am really posing a serious question here, and if you have an answer it would be greatly appreciated down below in the comments.

Also if you are like me and enjoy looking at pictures to help you through issues, I would say check out this blog post as well:

I hope this post has been helpful to you and I will continue to post more of these (As I discovered more update issues from my casual perusing of my network).