asked on
Password Notify script not behaving
passwordNotify.vbs is a script I am sure many have seen. it is located at:
http://www.gelmir.com/index.php?option=com_content&task=view&id=7&Itemid=8
The script runs great... except it only runs through the users that start with "A" whose passwords expired before January 1st! (We keep user accounts around for compliance reasons).
I pretty much used the script as is from the site listed above, and the instructions seem to be pretty clear that this should return all users whose accounts are either expired or will expire within 14 days.
As a follow up, it appears the script ends with this displayed:
C:\passwordNotify.vbs(156,
http://www.gelmir.com/index.php?option=com_content&task=view&id=7&Itemid=8
The script runs great... except it only runs through the users that start with "A" whose passwords expired before January 1st! (We keep user accounts around for compliance reasons).
I pretty much used the script as is from the site listed above, and the instructions seem to be pretty clear that this should return all users whose accounts are either expired or will expire within 14 days.
As a follow up, it appears the script ends with this displayed:
C:\passwordNotify.vbs(156,
Scripting LanguagesMicrosoft Server OSWindows Server 2003
Last Comment
Chris Dent
ASKER
hERE IT IS:
'=========================
'
' NAME: passwordNotify.vbs
'
' AUTHOR: Eric Aarts
' DATE : 7/21/2006
'
' COMMENT: Checks the age of the password against the maximum age set in
' the domain. Sends a out an email to the user based on the age.
'
' VERSION: 1.1
'
' LOG: 1.0 - Initial release
' 1.1 - 9/12/2006
' Fixed notification for default Windows 2003 settings
' where .lowPart=0
'
'=========================
Option Explicit
'Check the arguments
If WScript.Arguments.Count <> 5 Then
WScript.Echo "USAGE: cscript passwordNotify.vbs <SearchBase> <BindServer> <SendMail> <From Address> <SMTP Server>" & Chr(10) & _
"EXAMPLE: cscript passwordNotify.vbs ""DC=mydomain,DC=com"" myDC.mydomain.com TRUE me@mydomain.com smtp.mydomain.com"
WScript.Quit
End If
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const strSubject = "Password Expiration warning."
Call Main
Sub Main
Dim dblMaxAge
Dim dtmLastPwdChange
Dim intTimeInterval,intExpireD
Dim objCMD,objADConn,ObjResult
Dim strDomain, strLDAPServer
Dim strAttributes,strFilter,st
Dim strSendMail
Dim objMessage, strFrom, strTo, strSMTPServer, strBody
strDomain = replace(WScript.Arguments(
strLDAPServer = WScript.Arguments(1)
strSendMail = WScript.Arguments(2)
strFrom = WScript.Arguments(3)
strSMTPServer = WScript.Arguments(4)
dblMaxAge = getMaxPwdAge(strDomain)
'Create an AD connection object to query the AD
Set objADConn = Wscript.CreateObject ("ADODB.Connection")
objADConn.Provider = "ADsDSOObject"
'Open the Connection Object
objADConn.Open "Active Directory Provider"
'Create the command object
Set objCmd = Wscript.CreateObject ("ADODB.Command")
objCmd.ActiveConnection = objADConn
'Set Attributes to return
strAttributes = "distinguishedName,mail"
'Set the filter to only return enabled account with a know email address that don't have passwords set that will never expire.
strFilter = "(&(objectClass=User)(obje
'Create the querystring
strQuery = "<LDAP://" & strLDAPServer & "/" & strDomain & ">;" & strFilter & ";" & strAttributes & ";subtree"
'Execute the query
objCmd.CommandText = strQuery
Set objResult = objCmd.Execute
'Run through the results
Do While Not objResult.EOF
strBody = ""
strTo = ""
On Error Resume next
dtmLastPwdChange = getPwdLastChanged(objResul
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Echo objResult.fields("distingh
Else
On Error goto 0
intExpireDays = Int(dblMaxAge - Int((Now - dtmLastPwdChange)))
Select Case intExpireDays
Case 0
strBody = composeBody("Your password has already expired!",ObjResult.Fields
Case 1
strBody = composeBody("Your password will expire in " & intExpireDays & " day!",ObjResult.Fields("di
Case 2,3,4,5,6,7
strBody = composeBody("Your password will expire in " & intExpireDays & " days.",ObjResult.Fields("d
Case 14
strBody = composeBody("Your password will expire in " & intExpireDays & " days.",ObjResult.Fields("d
Case Else
If intExpireDays < 0 Then
strBody = composeBody("Your password has already expired!",ObjResult.Fields
End if
End Select
If strBody <> "" Then
If UCase(strSendMail="TRUE") Then
strTo = ObjResult.Fields("mail")
Set objMessage = CreateObject("CDO.Message"
objMessage.From = strFrom
objMessage.To = strTo
objMessage.Subject = strSubject
objMessage.Textbody = strBody
objMessage.Configuration.F
objMessage.Configuration.F
objMessage.Configuration.F
objMessage.Fields("urn:sch
objMessage.Fields.Update
objMessage.Send
Set objMessage = Nothing
WScript.Echo "Mail sent to: " & strTo
Else
WScript.Echo ObjResult.Fields("distingu
End If
End if
End If
objResult.MoveNext
Loop
'clean up
objResult.close
objADConn.Close
Set objResult = Nothing
Set objADConn = Nothing
Set objCMD=Nothing
End Sub
Function getPwdLastChanged(strDN)
Dim objUser
Set objUser = GetObject("LDAP://" & strDN)
getPwdLastChanged = objUser.PasswordLastChange
Set objUser = Nothing
End Function
Function getMaxPwdAge(strDomain)
Dim objDomain,objMaxPwdAge
Set objDomain = GetObject("LDAP://" & strDomain)
Set objMaxPwdAge = objDomain.Get("maxPwdAge")
if objMaxPwdAge.lowPart = 0 and objMaxPwdAge.highPart = -2147483648 then
WScript.Echo "The domain does not have password expiration set."
WScript.Quit
End If
getMaxPwdAge = (Int(Abs(objMaxPwdAge.High
Set objMaxPwdAge = Nothing
End Function
Function composeBody(strWarning,str
Dim objUser
Dim strText
Set objUser = GetObject("LDAP://" & strDN)
If objUser.givenName <> "" Then
strText = "Hi " & objUser.givenName & "," & vblf & vblf
End If
strText = strText & "We would like to warn you that your password will expire soon, " & _
"please follow the instructions later in this message to make sure there will " & _
"be no interuption to your network access." & vblf & vblf & _
strWarning & vblf & vblf & _
"Please go to this website: www.changemypassword.com to change your password."
Set objUser = Nothing
composeBody = strText
End Function
'=========================
'
' NAME: passwordNotify.vbs
'
' AUTHOR: Eric Aarts
' DATE : 7/21/2006
'
' COMMENT: Checks the age of the password against the maximum age set in
' the domain. Sends a out an email to the user based on the age.
'
' VERSION: 1.1
'
' LOG: 1.0 - Initial release
' 1.1 - 9/12/2006
' Fixed notification for default Windows 2003 settings
' where .lowPart=0
'
'=========================
Option Explicit
'Check the arguments
If WScript.Arguments.Count <> 5 Then
WScript.Echo "USAGE: cscript passwordNotify.vbs <SearchBase> <BindServer> <SendMail> <From Address> <SMTP Server>" & Chr(10) & _
"EXAMPLE: cscript passwordNotify.vbs ""DC=mydomain,DC=com"" myDC.mydomain.com TRUE me@mydomain.com smtp.mydomain.com"
WScript.Quit
End If
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const strSubject = "Password Expiration warning."
Call Main
Sub Main
Dim dblMaxAge
Dim dtmLastPwdChange
Dim intTimeInterval,intExpireD
Dim objCMD,objADConn,ObjResult
Dim strDomain, strLDAPServer
Dim strAttributes,strFilter,st
Dim strSendMail
Dim objMessage, strFrom, strTo, strSMTPServer, strBody
strDomain = replace(WScript.Arguments(
strLDAPServer = WScript.Arguments(1)
strSendMail = WScript.Arguments(2)
strFrom = WScript.Arguments(3)
strSMTPServer = WScript.Arguments(4)
dblMaxAge = getMaxPwdAge(strDomain)
'Create an AD connection object to query the AD
Set objADConn = Wscript.CreateObject ("ADODB.Connection")
objADConn.Provider = "ADsDSOObject"
'Open the Connection Object
objADConn.Open "Active Directory Provider"
'Create the command object
Set objCmd = Wscript.CreateObject ("ADODB.Command")
objCmd.ActiveConnection = objADConn
'Set Attributes to return
strAttributes = "distinguishedName,mail"
'Set the filter to only return enabled account with a know email address that don't have passwords set that will never expire.
strFilter = "(&(objectClass=User)(obje
'Create the querystring
strQuery = "<LDAP://" & strLDAPServer & "/" & strDomain & ">;" & strFilter & ";" & strAttributes & ";subtree"
'Execute the query
objCmd.CommandText = strQuery
Set objResult = objCmd.Execute
'Run through the results
Do While Not objResult.EOF
strBody = ""
strTo = ""
On Error Resume next
dtmLastPwdChange = getPwdLastChanged(objResul
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Echo objResult.fields("distingh
Else
On Error goto 0
intExpireDays = Int(dblMaxAge - Int((Now - dtmLastPwdChange)))
Select Case intExpireDays
Case 0
strBody = composeBody("Your password has already expired!",ObjResult.Fields
Case 1
strBody = composeBody("Your password will expire in " & intExpireDays & " day!",ObjResult.Fields("di
Case 2,3,4,5,6,7
strBody = composeBody("Your password will expire in " & intExpireDays & " days.",ObjResult.Fields("d
Case 14
strBody = composeBody("Your password will expire in " & intExpireDays & " days.",ObjResult.Fields("d
Case Else
If intExpireDays < 0 Then
strBody = composeBody("Your password has already expired!",ObjResult.Fields
End if
End Select
If strBody <> "" Then
If UCase(strSendMail="TRUE") Then
strTo = ObjResult.Fields("mail")
Set objMessage = CreateObject("CDO.Message"
objMessage.From = strFrom
objMessage.To = strTo
objMessage.Subject = strSubject
objMessage.Textbody = strBody
objMessage.Configuration.F
objMessage.Configuration.F
objMessage.Configuration.F
objMessage.Fields("urn:sch
objMessage.Fields.Update
objMessage.Send
Set objMessage = Nothing
WScript.Echo "Mail sent to: " & strTo
Else
WScript.Echo ObjResult.Fields("distingu
End If
End if
End If
objResult.MoveNext
Loop
'clean up
objResult.close
objADConn.Close
Set objResult = Nothing
Set objADConn = Nothing
Set objCMD=Nothing
End Sub
Function getPwdLastChanged(strDN)
Dim objUser
Set objUser = GetObject("LDAP://" & strDN)
getPwdLastChanged = objUser.PasswordLastChange
Set objUser = Nothing
End Function
Function getMaxPwdAge(strDomain)
Dim objDomain,objMaxPwdAge
Set objDomain = GetObject("LDAP://" & strDomain)
Set objMaxPwdAge = objDomain.Get("maxPwdAge")
if objMaxPwdAge.lowPart = 0 and objMaxPwdAge.highPart = -2147483648 then
WScript.Echo "The domain does not have password expiration set."
WScript.Quit
End If
getMaxPwdAge = (Int(Abs(objMaxPwdAge.High
Set objMaxPwdAge = Nothing
End Function
Function composeBody(strWarning,str
Dim objUser
Dim strText
Set objUser = GetObject("LDAP://" & strDN)
If objUser.givenName <> "" Then
strText = "Hi " & objUser.givenName & "," & vblf & vblf
End If
strText = strText & "We would like to warn you that your password will expire soon, " & _
"please follow the instructions later in this message to make sure there will " & _
"be no interuption to your network access." & vblf & vblf & _
strWarning & vblf & vblf & _
"Please go to this website: www.changemypassword.com to change your password."
Set objUser = Nothing
composeBody = strText
End Function
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
OK, that resulted in a stop at a user, and a new error:
C:\passwordNotify.vbs(160,
C:\passwordNotify.vbs(160,
ASKER
AHA!!
The script does not like OUs with slashes in the name. I removed all slashed from my OUs and now it runs perfectly! Thanks for helping track this down!
The script does not like OUs with slashes in the name. I removed all slashed from my OUs and now it runs perfectly! Thanks for helping track this down!
That'd do it :)
Glad you have it sorted out :)
Chris
Would you mind posting the full script you're using? Makes life easier :)
The Null error you're getting will be why it's not going beyond A, it just needs a little error control in there to get by and it's easier to glue that into what you have than assemble the script again from the article concerned.
Chris