?
Solved

How to find Expired Users

Posted on 2006-11-27
6
Medium Priority
?
410 Views
Last Modified: 2008-01-09
I'm a Windows 2003 novice - paper MCSE on NT 4.0.  I'm in Network Engineering now - and usually hang out over there.  Hi ya'll.

Unfortunately, I have the responsibility of adding users to a domain which is used just for remote Internet Access through a company called iPass.  In a nut shell, I usually SSH into the server (maintained by the server group) and use a "net user /add *" command line to add them.

Because of some security B@#$4i+, I've had to create an auditing process whereby I now have to go in and set the accounts to expire as soon as I hear of someone leaving the company.

For example, if I get a notice that John Doe is leaving the company on 12/31/2006, I'll enter the command:

net user jdoe /expire:12/31/2006.  This will set his account to expire on that date.  All good.

However, in January, if I want to run a report to see all the users who stil have accounts, but are expired, how can I do this?  I don't see anything in the net user doc's and I don't see any options when looking at AT Users and Computers where there's a field for Account Expiration.

Thanks
0
Comment
Question by:pseudocyber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 18020450

Hey,

Been there and done that ;)

The VbScript at the bottom (to be saved as .vbs) will write a Tab Delimited Text file containing the Users ADSPath, Expiry Date and SAMAccountName (Username) called ExpiredAccounts.txt.

It's nice and straight-forward and does nothing more than tell you about them. You don't need to make any changes to the file itself, it just runs for the current AD Domain.

Chris


Option Explicit

Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRootDSE, objRecordSet, objUser, objFileSystem, objFile
Dim strADSPath
Dim dtmAccountExpires

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT aDSPath " &_
      " FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='user'"
Set objRootDSE = Nothing

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.CreateTextFile("ExpiredAccounts.txt")

On Error Resume Next
While Not objRecordSet.EOF
      strADSPath = objRecordSet.Fields("aDSPath")
      Set objUser = GetObject(strADSPath)
      dtmAccountExpires = CDate(objUser.AccountExpirationDate)

      If Year(dtmAccountExpires) > 1970 Then
            If dtmAccountExpires < Date() Then
                  objFile.WriteLine strADSPath & VbTab & dtmAccountExpires & VbTab & objUser.Get("sAMAccountName")
            End If
      End If
      objRecordSet.MoveNext
Wend
objConnection.Close

Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 1000 total points
ID: 18020468
If this is AD you can run a dsquery / dsget command something like this:

dsquery user | dsget user -fn -ln -acctexpires

If there are many users you can increase the limit by adding -limit 1000 say to the dsquery command.
Other than that you can use

net user username to return the username so it would be possible to write a script to parse that and give you a list of

username, expiry date

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18020474
Oops, refresh, refresh, refresh :-)
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 18020484

I know that feeling well :)

Chris
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question