Solved

How to find Expired Users

Posted on 2006-11-27
Last Modified: 2008-01-09
I'm a Windows 2003 novice - paper MCSE on NT 4.0.  I'm in Network Engineering now - and usually hang out over there.  Hi ya'll.

Unfortunately, I have the responsibility of adding users to a domain which is used just for remote Internet Access through a company called iPass.  In a nutshell, I usually SSH into the server (maintained by the server group) and use a "net user /add *" command line to add them.

Because of some security B@#$4i+, I've had to create an auditing process whereby I now have to go in and set the accounts to expire as soon as I hear of someone leaving the company.

For example, if I get a notice that John Doe is leaving the company on 12/31/2006, I'll enter the command:

net user jdoe /expire:12/31/2006

This will set his account to expire on that date.  All good.

However, in January, if I want to run a report to see all the users who still have accounts, but are expired, how can I do this?  I don't see anything in the net user docs and I don't see any options when looking at AD Users and Computers where there's a field for Account Expiration.

Thanks
Question by:pseudocyber
Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 18020450

Hey,

Been there and done that ;)

The VBScript at the bottom (to be saved as .vbs) will write a Tab Delimited Text file containing the user's ADSPath, Expiry Date and SAMAccountName (Username) called ExpiredAccounts.txt.

It's nice and straightforward and does nothing more than tell you about them. You don't need to make any changes to the file itself; it just runs for the current AD Domain.

Chris


Option Explicit

Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRootDSE, objRecordSet, objUser, objFileSystem, objFile
Dim strADSPath
Dim dtmAccountExpires

' Connect to Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

' Search the whole of the current domain for user objects
Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT aDSPath " &_
      " FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='user'"
Set objRootDSE = Nothing

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

' Report file is created in the current working directory
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.CreateTextFile("ExpiredAccounts.txt")

On Error Resume Next
While Not objRecordSet.EOF
      ' Reset per-user state so a failed lookup cannot reuse the previous user's values
      Err.Clear
      Set objUser = Nothing
      dtmAccountExpires = Empty

      strADSPath = objRecordSet.Fields("aDSPath")
      Set objUser = GetObject(strADSPath)
      dtmAccountExpires = CDate(objUser.AccountExpirationDate)

      ' Only evaluate the date if the bind and the property read both succeeded
      If Err.Number = 0 Then
            ' A year of 1970 or earlier is treated as "no expiry date set"
            If Year(dtmAccountExpires) > 1970 Then
                  If dtmAccountExpires < Date() Then
                        objFile.WriteLine strADSPath & VbTab & dtmAccountExpires & VbTab & objUser.Get("sAMAccountName")
                  End If
            End If
      End If
      objRecordSet.MoveNext
Wend
On Error GoTo 0

' Flush the report to disk and release the directory connection
objFile.Close
objConnection.Close

Set objUser = Nothing
Set objFile = Nothing
Set objFileSystem = Nothing
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Assisted Solution

by:Steve Knight
Steve Knight earned 1000 total points
ID: 18020468
If this is AD you can run a dsquery / dsget command something like this:

dsquery user | dsget user -fn -ln -acctexpires

If there are many users you can increase the limit by adding -limit 1000 say to the dsquery command.
Other than that you can use

net user username to return the username so it would be possible to write a script to parse that and give you a list of

username, expiry date

Steve
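
Added example (not part of the original thread and not either expert's code): both answers above read the expiry date one account at a time; the same audit can be expressed as a single LDAP filter on the accountExpires attribute, which this sketch builds and checks. It assumes the standard encoding of accountExpires (100-nanosecond intervals since 1601-01-01 UTC, with 0 and 0x7FFFFFFFFFFFFFFF meaning "never"); the function names and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# accountExpires counts 100-nanosecond intervals since 1601-01-01 00:00 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # both values mean "never expires"


def to_filetime(moment):
    """Convert a timezone-aware datetime to an accountExpires-style integer."""
    delta = moment - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def from_filetime(value):
    """Return the expiry as an aware datetime, or None for 'never expires'."""
    if value in NEVER:
        return None
    seconds, ticks = divmod(value, 10_000_000)  # integer maths, no float rounding
    try:
        return EPOCH_1601 + timedelta(seconds=seconds, microseconds=ticks // 10)
    except OverflowError:
        return None  # beyond year 9999: treat as no usable expiry


def expired_filter(now):
    """LDAP filter for user accounts whose expiry date has already passed."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(accountExpires>=1)(accountExpires<=%d))" % to_filetime(now))


def expired_accounts(records, now):
    """Client-side check over (sAMAccountName, accountExpires) pairs."""
    report = []
    for name, raw in records:
        expires = from_filetime(int(raw))
        if expires is not None and expires <= now:
            report.append((name, expires.date().isoformat()))
    return report


# Constructed sample records, not taken from a real directory.
SAMPLE = [
    ("jdoe", to_filetime(datetime(2007, 1, 1, tzinfo=timezone.utc))),
    ("asmith", 0),                    # never expires
    ("bjones", 0x7FFFFFFFFFFFFFFF),   # never expires
    ("ctemp", to_filetime(datetime(2007, 6, 30, tzinfo=timezone.utc))),
]

if __name__ == "__main__":
    audit_time = datetime(2007, 1, 15, tzinfo=timezone.utc)
    print(expired_filter(audit_time))
    print(expired_accounts(SAMPLE, audit_time))
```

The filter string can be handed to any LDAP search client, so the directory returns only the expired accounts instead of every user object.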
Expert Comment

by:Steve Knight
ID: 18020474
Oops, refresh, refresh, refresh :-)
Expert Comment

by:Chris Dent
ID: 18020484

I know that feeling well :)

Chris