Solved

How to find Expired Users

Posted on 2006-11-27
6
391 Views
Last Modified: 2008-01-09
I'm a Windows 2003 novice - paper MCSE on NT 4.0.  I'm in Network Engineering now - and usually hang out over there.  Hi ya'll.

Unfortunately, I have the responsibility of adding users to a domain which is used just for remote Internet Access through a company called iPass.  In a nut shell, I usually SSH into the server (maintained by the server group) and use a "net user /add *" command line to add them.

Because of some security B@#$4i+, I've had to create an auditing process whereby I now have to go in and set the accounts to expire as soon as I hear of someone leaving the company.

For example, if I get a notice that John Doe is leaving the company on 12/31/2006, I'll enter the command:

net user jdoe /expire:12/31/2006.  This will set his account to expire on that date.  All good.

However, in January, if I want to run a report to see all the users who stil have accounts, but are expired, how can I do this?  I don't see anything in the net user doc's and I don't see any options when looking at AT Users and Computers where there's a field for Account Expiration.

Thanks
0
Comment
Question by:pseudocyber
  • 2
  • 2
6 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 18020450

Hey,

Been there and done that ;)

The VbScript at the bottom (to be saved as .vbs) will write a Tab Delimited Text file containing the Users ADSPath, Expiry Date and SAMAccountName (Username) called ExpiredAccounts.txt.

It's nice and straight-forward and does nothing more than tell you about them. You don't need to make any changes to the file itself, it just runs for the current AD Domain.

Chris


Option Explicit

Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRootDSE, objRecordSet, objUser, objFileSystem, objFile
Dim strADSPath
Dim dtmAccountExpires

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT aDSPath " &_
      " FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='user'"
Set objRootDSE = Nothing

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.CreateTextFile("ExpiredAccounts.txt")

On Error Resume Next
While Not objRecordSet.EOF
      strADSPath = objRecordSet.Fields("aDSPath")
      Set objUser = GetObject(strADSPath)
      dtmAccountExpires = CDate(objUser.AccountExpirationDate)

      If Year(dtmAccountExpires) > 1970 Then
            If dtmAccountExpires < Date() Then
                  objFile.WriteLine strADSPath & VbTab & dtmAccountExpires & VbTab & objUser.Get("sAMAccountName")
            End If
      End If
      objRecordSet.MoveNext
Wend
objConnection.Close

Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 18020468
If this is AD you can run a dsquery / dsget command something like this:

dsquery user | dsget user -fn -ln -acctexpires

If there are many users you can increase the limit by adding -limit 1000 say to the dsquery command.
Other than that you can use

net user username to return the username so it would be possible to write a script to parse that and give you a list of

username, expiry date

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18020474
Oops, refresh, refresh, refresh :-)
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18020484

I know that feeling well :)

Chris
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Learn about cloud computing and its benefits for small business owners.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now