Solved

VB Script to set password never expires attribute

Posted on 2009-05-19
Last Modified: 2012-05-07
I need a VB Script to set password never expires attribute for all user accounts in active directory.
Question by:bbanis2k
8 Comments
 
LVL 12

Expert Comment

by:zoofan
ID: 24422776
Hello,

Edit line 10 to reflect the correct domain.

strBase = "<LDAP://DC=domain,DC=local>"

zf
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
cn = "*"
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
strBase = "<LDAP://DC=domain,DC=local>"
strFilter = "(&(objectCategory=person)(objectClass=user)(cn=" & cn & "))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    Set objUser = GetObject("LDAP://" & strDN)
    intUAC = objUser.Get("userAccountControl")
    If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
        'Do Nothing
    Else
        objUser.Put "userAccountControl", intUAC XOR _
            ADS_UF_DONT_EXPIRE_PASSWD
        objUser.SetInfo
    End If
    objRecordSet.MoveNext
Loop
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing


0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 2000 total points
ID: 24422783
It would be easier to do it with this command:
dsquery user -limit 0|dsmod user -pwdneverexpires yes

Run it on a 2003 server or an XP workstation with the adminpak installed.
0
 
LVL 3

Expert Comment

by:Cameron_S
ID: 24422799
This is what I found from Microsoft, albeit with a little modifying on my end:


Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
' Bind to a single user object by its distinguished name.
Set objUser = GetObject("LDAP://cn=JohnDoe,ou=YourOU,dc=Your,dc=Domain,dc=com")
intUAC = objUser.Get("userAccountControl")
 
' Set the flag only when it is not already set; Or leaves the other bits untouched.
If (intUAC And ADS_UF_DONT_EXPIRE_PASSWD) = 0 Then
    objUser.Put "userAccountControl", intUAC Or ADS_UF_DONT_EXPIRE_PASSWD
    objUser.SetInfo
End If


0

Author Comment

by:bbanis2k
ID: 24422886
Zoofan: Error on line 22. Null

Shift-3: This is a 2008 EBS environment

Cameron: That is per user account.
0
 
LVL 12

Expert Comment

by:zoofan
ID: 24423068
Hello, be sure your domain name is correct in line 10.  Sorry, as I do not have an 08 server to test with, but set correctly it works well in 03.

zf
0
 
LVL 3

Expert Comment

by:Cameron_S
ID: 24423373
Are all user accounts within a single OU? Are they within the Users OU (which is technically a CN, so that may be where errors are popping up)?
0
 

Author Closing Comment

by:bbanis2k
ID: 31583007
Downloaded to my XP laptop...and it worked!  Yeah!
0
 
LVL 3

Expert Comment

by:Cameron_S
ID: 24423610
Alright, here you go, I managed to merge the two together. Make sure you change the objCommand.CommandText = line to match your schema!

Basically, it searches your Domain (Replace DOMAIN and COM with your Domain information respectively - make sure you follow the FQDN format that the script uses) and finds all users who do not have the Password Does Not Expire flag set. It then sets that user so that the password does not expire and moves on to the next record.

Hope this helps!

Cheers,
Cameron

Original Source From: http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0829.mspx
On Error Resume Next
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
' Connect to Active Directory through the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Page Size") = 1000
 
' Select users whose userAccountControl does NOT have bit 65536 set
' (1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule).
objCommand.CommandText = "<LDAP://dc=DOMAIN,dc=COM>;" & "(&(objectCategory=User)(!(userAccountControl:1.2.840.113556.1.4.803:=65536)));" & "Name,cn,AdsPath;Subtree"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)
    intUAC = objUser.Get("userAccountControl")
    ' Or instead of XOR: with On Error Resume Next a failed bind leaves the
    ' previous user in objUser, and XOR would clear the flag just set on it.
    objUser.Put "userAccountControl", intUAC Or ADS_UF_DONT_EXPIRE_PASSWD
    objUser.SetInfo
    objRecordSet.MoveNext
Loop


0
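
Added example, not part of any post in this thread: a Python model of the userAccountControl bit logic the scripts above rely on, run over constructed sample records. It shows which accounts the !(userAccountControl:1.2.840.113556.1.4.803:=65536) filter selects, why XOR toggles the flag where Or sets it, and which enabled accounts already have a non-expiring password. The function names and sample DNs are assumptions made for illustration.

```python
# Added example: models the userAccountControl bit logic from this thread.
ADS_UF_ACCOUNTDISABLE = 0x0002
ADS_UF_DONT_EXPIRE_PASSWD = 0x10000  # 65536, the constant used in the scripts

# Constructed sample (distinguishedName, userAccountControl); not real data.
SAMPLE = [
    ("CN=Alice,OU=Staff,DC=example,DC=local", 0x0200),        # 512: normal account
    ("CN=Bob,OU=Staff,DC=example,DC=local", 0x10200),         # 66048: never expires
    ("CN=svc-backup,OU=Service,DC=example,DC=local", 0x10200),
    ("CN=Carol,OU=Staff,DC=example,DC=local", 0x0202),        # 514: disabled
]

def bit_and_match(uac, mask):
    """LDAP rule 1.2.840.113556.1.4.803: true when every bit of mask is set."""
    return (uac & mask) == mask

def toggle_flag(uac):
    """What `intUAC XOR ADS_UF_DONT_EXPIRE_PASSWD` does: flips the bit."""
    return uac ^ ADS_UF_DONT_EXPIRE_PASSWD

def set_flag(uac):
    """Idempotent alternative (`Or` in VBScript): the bit ends up set either way."""
    return uac | ADS_UF_DONT_EXPIRE_PASSWD

def plan_changes(records):
    """Dry run: (dn, old, new) for accounts selected by the !(...:=65536) filter."""
    return [(dn, uac, set_flag(uac)) for dn, uac in records
            if not bit_and_match(uac, ADS_UF_DONT_EXPIRE_PASSWD)]

def never_expiring_enabled(records):
    """Audit view: enabled accounts whose password never expires."""
    return [dn for dn, uac in records
            if bit_and_match(uac, ADS_UF_DONT_EXPIRE_PASSWD)
            and not bit_and_match(uac, ADS_UF_ACCOUNTDISABLE)]

if __name__ == "__main__":
    for dn, old, new in plan_changes(SAMPLE):
        print(f"would change {dn}: {old} -> {new}")
    print("already never-expiring and enabled:", never_expiring_enabled(SAMPLE))
    # An unguarded XOR applied to an account that already has the flag clears it.
    print("XOR on 66048:", toggle_flag(0x10200), "| Or on 66048:", set_flag(0x10200))
```

Recording the dry-run list before a bulk change gives a rollback reference and shows how many accounts lose password expiry.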
