Solved

Check age of network passwords

Posted on 2004-09-23
1
400 Views
Last Modified: 2012-05-05
I'm admin of a 2003 server and would like to get a list of users and the age of their passwords (but not the passwords themselves). Is there a query i can run to obtain this information? How many different ways can you find out the age of a password? What about finding out when the password will expire? This information is obviously stored since the server knows when to notify people that their password is expiring. Thanks!
0
Comment
Question by:carrp
1 Comment
 
LVL 82

Accepted Solution

by:
oBdA earned 250 total points
Comment Utility
The command
net user <Username> /domain
in a command window will give you the necessary information.
Here's a small script (it's not fast, but it should work) that creates a comma-separated list of the user names, when the password was last set, and when it expires. Simply adjust the domain information and the log file definition at the beginning.

====8<----[UserPwd.cmd]----
@echo off
setlocal
set LogFile=C:\Temp\UserPwd.log
set DNRoot=dc=your,dc=domain,dc=local

>"%LogFile%" echo Username, Password last set, Password expires
for /f "skip=1" %%a in ('dsquery user "%DNRoot%" ^| dsget user -samid') do call :process %%a
goto leave

:process
set User=%1
if /i "%User%"=="dsget" goto :eof
:: *** Localization: the first number in the "tokens=" must be set to the number of words
:: *** before the dates in the "password last set" and "password expires" lines.
for /f "tokens=3*" %%a in ('net user %User% /domain ^| find /i "Password last set"') do set PwdLastSet=%%b
for /f "tokens=2*" %%a in ('net user %User% /domain ^| find /i "Password expires"') do set PwdExpires=%%b
echo %User%: %PwdLastSet%, %PwdExpires%
>>"%LogFile%" echo %User%,%PwdLastSet%,%PwdExpires%
goto :eof

:leave
====8<----[UserPwd.cmd]----
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now