
I had a user today ask, "Are we still doing the password security program?  It’s been over 90 days since we first implemented it and I haven’t been prompted to change my password.  Thanks!"
The next thing I said was, F$@%! Then I used most of a script I found at http://msdn2.microsoft.com/en-us/library/ms974598.aspx
This helped me to determine when user passwords expire in an OU.

BTW the user above had changed their password 43 days ago, they had just forgotten!

----------COPY EVERYTHING BELOW THIS LINE for the Script----------

' Taken from http://msdn2.microsoft.com/en-us/library/ms974598.aspx
' VBScript to find out when a password expires
' Authors Greg Stemp, Dean Tsaltas, and Bob Wells and Edited by Cheyenne Harden www.lazynetworkadmin.com
' Original Version 1 - September 12, 2002   Updated by Chey 5.1.07
' --------------------------------------------------------------'
' Keep running after a failed ADSI call. The per-user code further down
' compares Err.Number with E_ADS_PROPERTY_NOT_FOUND instead of aborting.
On Error Resume Next

' Bit that is masked against userAccountControl to detect
' "password never expires".
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

' Err.Number value the script tests for after reading PasswordLastChanged.
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

' Factors used to turn the maxPwdAge magnitude into seconds and then days.
Const ONE_HUNDRED_NANOSECOND    = 0.0000001
Const SECONDS_IN_DAY            = 86400

' Directory objects and strings used to locate the OU.
Dim objRootDSE, objOU, objUser
Dim strOU, strContainer, strDNSDomain

' Declared by the original author; not referenced in the visible script.
Dim intPwdValue, intAccValue

' Ask the operator which OU to report on. The menu text is assembled one
' entry at a time; InputBox hands back whatever was typed as a string,
' or an empty string when nothing was entered.
strMenu = "Enter the number of the OU you would like to see when the password expires."

strMenu = strMenu & vbCr & "Building 1:"
strMenu = strMenu & vbCr & "   1 = Network Administrators"
strMenu = strMenu & vbCr & "   2 = Support Companies"
strMenu = strMenu & vbCr & "   3 = Managers"
strMenu = strMenu & vbCr & "   4 = Maintenance"
strMenu = strMenu & vbCr & "   5 = Accounts Payable"
strMenu = strMenu & vbCr & "   6 = Accounts Receivable"
strMenu = strMenu & vbCr & "   7 = Other"
strMenu = strMenu & vbCr & "   8 = Graphics Art"
strMenu = strMenu & vbCr & "   9 = HR"
strMenu = strMenu & vbCr & "   10 = Management"
strMenu = strMenu & vbCr & "   11 = Marketing"
strMenu = strMenu & vbCr & "   12 = Programming"
strMenu = strMenu & vbCr & "   13 = Reception"
strMenu = strMenu & vbCr & "   14 = Sales"
strMenu = strMenu & vbCr & "   15 = Shipping"
strMenu = strMenu & vbCr & "   16 = Support"
strMenu = strMenu & vbCr & "   17 = Technicians"

strMenu = strMenu & vbCr & "Building 2:"
strMenu = strMenu & vbCr & "   18 = Health and Safety"
strMenu = strMenu & vbCr & "   19 = Lab"
strMenu = strMenu & vbCr & "   20 = Management"
strMenu = strMenu & vbCr & "   21 = Reception"
strMenu = strMenu & vbCr & "   22 = Plant"

strOU = InputBox(strMenu)

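' Validate the menu choice, bind to the chosen OU, and report the password
' age and expiry date of every user object directly inside it.
'
' Changes from the original listing:
'   * An unknown menu number is rejected. Previously strContainer stayed
'     empty and the script bound to the domain root instead of an OU.
'   * Err is cleared before each ADSI read, so an error raised for one
'     object is not mistaken for a result on the next one.
'   * An account whose password was never set no longer falls through to
'     the expiry calculation with the previous user's date.
'   * The domain maxPwdAge is read once, and a failed bind is reported
'     instead of being shown as "Maximum Password Age is set to 0".
'
' NOTE(review): the script only reads directory attributes. Confirm whether
' an administrative account is really needed in your domain before running
' it with one.
' Running under cscript.exe prints the report to the console; wscript.exe
' shows every WScript.Echo as a separate dialog.

strOU = Trim(strOU)
If strOU = "" Then
    WScript.Echo "You did not enter a number!"
    WScript.Quit
End If

' -------------------------------------------------------------'
' Important change OU= to reflect your domain
' -------------------------------------------------------------'
' InputBox returns a String, so the choice is matched against string
' labels rather than relying on implicit string/number conversion.
Select Case strOU
    Case "1"
        strContainer = "OU=Network Administration,ou=newyork, "
    Case "2"
        strContainer = "OU=Support Companies,ou=newyork, "
    Case "3"
        strContainer = "OU=Users,OU=Territory Managers,ou=newyork, "
    Case "4"
        strContainer = "OU=Maintenance,ou=newyork, "
    Case "5"
        strContainer = "OU=Accounts Payable,OU=Accounting,OU=Users,OU=Building1,ou=newyork, "
    Case "6"
        strContainer = "OU=Accounts Receivable,OU=Accounting,OU=Users,OU=Building1,ou=newyork, "
    Case "7"
        strContainer = "OU=ART,OU=Users,OU=Building1,ou=newyork, "
    Case "8"
        strContainer = "OU=Graphic Arts,OU=Users,OU=Building1,ou=newyork, "
    Case "9"
        strContainer = "OU=HR,OU=Users,OU=Building1,ou=newyork, "
    Case "10"
        strContainer = "OU=Management,OU=Users,OU=Building1,ou=newyork, "
    Case "11"
        strContainer = "OU=Marketing,OU=Users,OU=Building1,ou=newyork, "
    Case "12"
        strContainer = "OU=Programming,OU=Users,OU=Building1,ou=newyork, "
    Case "13"
        strContainer = "OU=Reception,OU=Users,OU=Building1,ou=newyork, "
    Case "14"
        strContainer = "OU=Sales,OU=Users,OU=Building1,ou=newyork, "
    Case "15"
        strContainer = "OU=Shipping,OU=Users,OU=Building1,ou=newyork, "
    Case "16"
        strContainer = "OU=Support Staff,OU=Users,OU=Building1,ou=newyork, "
    Case "17"
        strContainer = "OU=Technicians,OU=Users,OU=Building1,ou=newyork, "
    Case "18"
        strContainer = "OU=Health and Safety,OU=Users,OU=Building2,ou=newyork, "
    Case "19"
        strContainer = "OU=Lab,OU=Users,OU=Building2,ou=newyork, "
    Case "20"
        strContainer = "OU=Management,OU=Users,OU=Building2,ou=newyork, "
    Case "21"
        strContainer = "OU=Reception,OU=Users,OU=Building2,ou=newyork, "
    Case "22"
        strContainer = "OU=Plant,OU=Users,OU=Building2,ou=newyork, "
    Case Else
        ' Without this branch an unknown number would leave strContainer
        ' empty and the bind below would target the domain root.
        WScript.Echo """" & strOU & """ is not one of the listed OU numbers (1-22)."
        WScript.Quit
End Select

' Bind to Active Directory Domain
Err.Clear
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
If Err.Number <> 0 Then
    WScript.Echo "Could not read DefaultNamingContext from RootDSE (error 0x" & _
                 Hex(Err.Number) & ")."
    WScript.Quit
End If

strContainer = strContainer & strDNSDomain

' Read the domain-wide maximum password age once; it is the same for
' every user handled in the loop.
' NOTE(review): "LDAP://" & strDNSDomain would bind to the logon domain
' without editing this line - confirm that is the domain you want.
' NOTE(review): the domain maxPwdAge does not reflect fine-grained
' password policies (msDS-ResultantPSO). Where those are in use,
' msDS-UserPasswordExpiryTimeComputed on the user holds the effective
' expiry - confirm for your environment.
Err.Clear
Set objDomain = GetObject("LDAP://DC=DOMAIN NAME HERE,DC=com") 'Put your domain Here.
Set objMaxPwdAge = objDomain.Get("maxPwdAge")
lngMaxAgeHigh = objMaxPwdAge.HighPart
lngMaxAgeLow  = objMaxPwdAge.LowPart
If Err.Number <> 0 Then
    WScript.Echo "Could not read maxPwdAge from the domain object (error 0x" & _
                 Hex(Err.Number) & "). Check the domain DN in the script."
    WScript.Quit
End If

blnNoMaxAge = (lngMaxAgeLow = 0)
If Not blnNoMaxAge Then
    ' LowPart is returned as a signed 32-bit value. When it is negative
    ' the 64-bit value is (HighPart + 1) * 2^32 + LowPart.
    If lngMaxAgeLow < 0 Then lngMaxAgeHigh = lngMaxAgeHigh + 1
    dblMaxPwdNano = Abs(lngMaxAgeHigh * 2^32 + lngMaxAgeLow)
    dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
    dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)
End If

' Loop through OU
Err.Clear
Set objOU = GetObject("LDAP://" & strContainer)
If Err.Number <> 0 Then
    WScript.Echo "Could not bind to " & strContainer & " (error 0x" & _
                 Hex(Err.Number) & ")."
    WScript.Quit
End If

' Only enumerate user objects; other children of the OU have no password
' data to report.
objOU.Filter = Array("user")

For Each objUser In objOU
    ' Start every object with a clean error state so the checks below
    ' describe this object only.
    Err.Clear

    sUser = objUser.Get("Name")
    WScript.Echo sUser
    '----------------------------------------------------------------------------------------
    intUserAccountControl = objUser.Get("userAccountControl")
    If Err.Number <> 0 Then
        WScript.Echo "Could not read userAccountControl (error 0x" & _
                     Hex(Err.Number) & "); skipping this object."
    ElseIf intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
        WScript.Echo "The password does not expire."
    Else
        Err.Clear
        dtmValue = objUser.PasswordLastChanged
        If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
            ' No last-changed date, so there is nothing to compute an
            ' expiry from for this account.
            WScript.Echo "The password has never been set."
        ElseIf Err.Number <> 0 Then
            WScript.Echo "Could not read PasswordLastChanged (error 0x" & _
                         Hex(Err.Number) & "); skipping this object."
        Else
            intTimeInterval = Int(Now - dtmValue)
            WScript.Echo "The password was last set on " & _
              DateValue(dtmValue) & " at " & TimeValue(dtmValue)  & vbCrLf & _
              "The difference between when the password was last" & vbCrLf & _
              "set and today is " & intTimeInterval & " days"

            If blnNoMaxAge Then
                WScript.Echo "The Maximum Password Age is set to 0 in the " & _
                             "domain. Therefore, the password does not expire."
            Else
                WScript.Echo "Maximum password age is " & dblMaxPwdDays & " days"

                If intTimeInterval >= dblMaxPwdDays Then
                    WScript.Echo "The password has expired."
                Else
                    WScript.Echo "The password will expire on " & _
                      DateValue(dtmValue + dblMaxPwdDays) & " (" & _
                      Int((dtmValue + dblMaxPwdDays) - Now) & " days from today)."
                End If
            End If
        End If
    End If
    '----------------------------------------------------------------------------------------
Next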

 

----------COPY EVERYTHING ABOVE THIS LINE for the Script----------

 

PLEASE MAKE SURE NO WORD WRAPPING IS HAPPENING IN YOUR SCRIPT!!!

To make this script work you will need the items below!


1. Run this script as an Admin.
2. Change "LDAP://DC=DOMAIN NAME HERE,DC=com" to reflect your domain.
3. Change these lines to reflect your Active Directory implementation. (e.g., strContainer = "OU=Sales,OU=Users,OU=Building1,ou=newyork, ")


This information is provided "AS IS" with no warranties expressed or implied.