How can i find just users who dont have the Password never expires checked in just one OU. ADS

Hi,

How can i find just users who dont have the Password never expires checked in just one OU.
Scan all users in an OU and find just users who dont have this option checked.

Regards
Sharath
LVL 11
bsharathAsked:
Who is Participating?
 
Briguy_572Connect With a Mentor Commented:
sorry- i keep hitting the "submit" button when i mean to hit "attach file".

OU-Account-not-Expire-4.txt
0
 
wolfcamelCommented:
you can select all the users and then check this option and it will apply it to all the users (and not upset any other settings.
0
 
bsharathAuthor Commented:
But i just want to find who does not have it.

Any i need to leave is setting untoched for some and change for some...
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
sirbountyCommented:
You can try this - changing the path to your OU..
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
 
strADSPath = "LDAP://OU=YourOU,DC=Domain,DC=com"
Set colUsers = GetObject(strADSPath)
colUsers.Filter = Array("User")
 
For Each objUser in colUsers
   If objUser.UserFlags And ADS_UF_DONT_EXPIRE_PASSWD Then
        Wscript.Echo objUser.Name & ": Password not required."
    Else
        Wscript.Echo objUser.Name & ": Password required."
    End If
Next

Open in new window

0
 
Briguy_572Commented:
rename this file to .vbs
change line 23 to use the path to the OU you want to use.
run the file from the command line with starting with cscript.exe filename.
You can get the OU's distinguishedName from ADSI edit among other tools.
users-OU-Account-not-Expire.txt
0
 
bsharathAuthor Commented:
Sirbounty i get this

---------------------------
Windows Script Host
---------------------------
Script:      C:\Get Pass.vbs
Line:      8
Char:      4
Error:      Object doesn't support this property or method: 'objUser.UserFlags'
Code:      800A01B6
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
bsharathAuthor Commented:
Briguy_572

this seems to work but needresults to a file
And just users who have the password never expires box checked.
In times to change it to even query for unchecked
0
 
bsharathAuthor Commented:
Briguy_572

this seems to work but needresults to a file
And just users who have the password never expires box checked.
In times to change it to even query for unchecked
0
 
Briguy_572Commented:
this one outputs creates a log file that has the names of the accounts that do have the "password does not expire" check mark checked.
it currently is creating the file at the root of the c:\ --> you can change the path on line 10 (just make sure the path exists).  Dont forget to change line 26 to use your OU.

OU-Account-not-Expire-2.txt
0
 
Briguy_572Commented:
this one creates separate files for users that expire and users that dont expire - and puts a date and time stamp in the log file's name - this way you can have some sort of historical record (on this day, these accounts had it set to expire, today, these accounts, etc).  
I think the two log files is what you meant by "In times to change it to even query for unchecked".  Use the file you like.
dont forget ot change line 37 to use your domain.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.