Solved

Check age of network passwords

Posted on 2004-09-23
1
408 Views
Last Modified: 2012-05-05
I'm admin of a 2003 server and would like to get a list of users and the age of their passwords (but not the passwords themselves). Is there a query i can run to obtain this information? How many different ways can you find out the age of a password? What about finding out when the password will expire? This information is obviously stored since the server knows when to notify people that their password is expiring. Thanks!
0
Comment
Question by:carrp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 12156221
The command
net user <Username> /domain
in a command window will give you the necessary information.
Here's a small script (it's not fast, but it should work) that creates a comma-separated list of the user names, when the password was last set, and when it expires. Simply adjust the domain information and the log file definition at the beginning.

====8<----[UserPwd.cmd]----
@echo off
setlocal
set LogFile=C:\Temp\UserPwd.log
set DNRoot=dc=your,dc=domain,dc=local

>"%LogFile%" echo Username, Password last set, Password expires
for /f "skip=1" %%a in ('dsquery user "%DNRoot%" ^| dsget user -samid') do call :process %%a
goto leave

:process
set User=%1
if /i "%User%"=="dsget" goto :eof
:: *** Localization: the first number in the "tokens=" must be set to the number of words
:: *** before the dates in the "password last set" and "password expires" lines.
for /f "tokens=3*" %%a in ('net user %User% /domain ^| find /i "Password last set"') do set PwdLastSet=%%b
for /f "tokens=2*" %%a in ('net user %User% /domain ^| find /i "Password expires"') do set PwdExpires=%%b
echo %User%: %PwdLastSet%, %PwdExpires%
>>"%LogFile%" echo %User%,%PwdLastSet%,%PwdExpires%
goto :eof

:leave
====8<----[UserPwd.cmd]----
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question