Solved

How to find Expired Users

Posted on 2006-11-27
6
399 Views
Last Modified: 2008-01-09
I'm a Windows 2003 novice - paper MCSE on NT 4.0.  I'm in Network Engineering now - and usually hang out over there.  Hi ya'll.

Unfortunately, I have the responsibility of adding users to a domain which is used just for remote Internet Access through a company called iPass.  In a nut shell, I usually SSH into the server (maintained by the server group) and use a "net user /add *" command line to add them.

Because of some security B@#$4i+, I've had to create an auditing process whereby I now have to go in and set the accounts to expire as soon as I hear of someone leaving the company.

For example, if I get a notice that John Doe is leaving the company on 12/31/2006, I'll enter the command:

net user jdoe /expire:12/31/2006.  This will set his account to expire on that date.  All good.

However, in January, if I want to run a report to see all the users who stil have accounts, but are expired, how can I do this?  I don't see anything in the net user doc's and I don't see any options when looking at AT Users and Computers where there's a field for Account Expiration.

Thanks
0
Comment
Question by:pseudocyber
  • 2
  • 2
6 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 18020450

Hey,

Been there and done that ;)

The VbScript at the bottom (to be saved as .vbs) will write a Tab Delimited Text file containing the Users ADSPath, Expiry Date and SAMAccountName (Username) called ExpiredAccounts.txt.

It's nice and straight-forward and does nothing more than tell you about them. You don't need to make any changes to the file itself, it just runs for the current AD Domain.

Chris


Option Explicit

Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRootDSE, objRecordSet, objUser, objFileSystem, objFile
Dim strADSPath
Dim dtmAccountExpires

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT aDSPath " &_
      " FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='user'"
Set objRootDSE = Nothing

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.CreateTextFile("ExpiredAccounts.txt")

On Error Resume Next
While Not objRecordSet.EOF
      strADSPath = objRecordSet.Fields("aDSPath")
      Set objUser = GetObject(strADSPath)
      dtmAccountExpires = CDate(objUser.AccountExpirationDate)

      If Year(dtmAccountExpires) > 1970 Then
            If dtmAccountExpires < Date() Then
                  objFile.WriteLine strADSPath & VbTab & dtmAccountExpires & VbTab & objUser.Get("sAMAccountName")
            End If
      End If
      objRecordSet.MoveNext
Wend
objConnection.Close

Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 18020468
If this is AD you can run a dsquery / dsget command something like this:

dsquery user | dsget user -fn -ln -acctexpires

If there are many users you can increase the limit by adding -limit 1000 say to the dsquery command.
Other than that you can use

net user username to return the username so it would be possible to write a script to parse that and give you a list of

username, expiry date

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18020474
Oops, refresh, refresh, refresh :-)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18020484

I know that feeling well :)

Chris
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question