?
Solved

Check age of network passwords

Posted on 2004-09-23
1
Medium Priority
?
410 Views
Last Modified: 2012-05-05
I'm admin of a 2003 server and would like to get a list of users and the age of their passwords (but not the passwords themselves). Is there a query i can run to obtain this information? How many different ways can you find out the age of a password? What about finding out when the password will expire? This information is obviously stored since the server knows when to notify people that their password is expiring. Thanks!
0
Comment
Question by:carrp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 12156221
The command
net user <Username> /domain
in a command window will give you the necessary information.
Here's a small script (it's not fast, but it should work) that creates a comma-separated list of the user names, when the password was last set, and when it expires. Simply adjust the domain information and the log file definition at the beginning.

====8<----[UserPwd.cmd]----
@echo off
setlocal
set LogFile=C:\Temp\UserPwd.log
set DNRoot=dc=your,dc=domain,dc=local

>"%LogFile%" echo Username, Password last set, Password expires
for /f "skip=1" %%a in ('dsquery user "%DNRoot%" ^| dsget user -samid') do call :process %%a
goto leave

:process
set User=%1
if /i "%User%"=="dsget" goto :eof
:: *** Localization: the first number in the "tokens=" must be set to the number of words
:: *** before the dates in the "password last set" and "password expires" lines.
for /f "tokens=3*" %%a in ('net user %User% /domain ^| find /i "Password last set"') do set PwdLastSet=%%b
for /f "tokens=2*" %%a in ('net user %User% /domain ^| find /i "Password expires"') do set PwdExpires=%%b
echo %User%: %PwdLastSet%, %PwdExpires%
>>"%LogFile%" echo %User%,%PwdLastSet%,%PwdExpires%
goto :eof

:leave
====8<----[UserPwd.cmd]----
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question