Solved

domain password expire script

Posted on 2009-07-03
Last Modified: 2012-08-13
I need a script that will tell me when all user domain passwords will expire. I have found some but they are not working. I found this one but it tells me the name is wrong. I need to set my password expire GPO and would like to know how many users will be affected.

Option Explicit

Call PwdExpiryInfo

Sub PwdExpiryInfo()
' Version 1.0
' Written by Krystian Karia
' Dated 04/05/2009

' Gets a list of users from the group
' specified and then checks their
' Password Expiry date.

' NOTE: Script must be run in a CMD.exe
' window as: CScript.exe ScriptName.vbs
' This is due to the number of outputs
' that is created.

' Catch errors ourselves
' 	On Error Resume Next

' Declare Variables
	Dim iTimeInterval, iMaxPwdAge
	Dim i, intUACvalue
	Dim dtmPwdChanged
	Dim objUserLDAP
	Dim arrMembers

	Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
	Const sGroup = "CN=Administrators,OU=Groups,DC=Domain,DC=local"	' < Specify your group name here

' Get the list of users from the given group
	arrMembers = GetMembers(sGroup)
	If IsNull(arrMembers) Then
		ShowProgress "Check your group name or its member list"
		EndScript
	End If

' Loop each user to check password expiry date
	For i = 0 to UBound(arrMembers)
		If arrMembers(i) <> "" Then
			ShowProgress ""

			Set objUserLDAP = GetObject(arrMembers(i))
			intUACvalue = objUserLDAP.Get("userAccountControl")

			If intUACvalue And ADS_UF_DONT_EXPIRE_PASSWD Then
				ShowProgress objUserLDAP.sAMAccountName
				ShowProgress " Password does not expire"
			Else
				dtmPwdChanged = objUserLDAP.PasswordLastChanged
				iTimeInterval = CInt(Now - dtmPwdChanged)
				iMaxPwdAge = GetMaxPwdAge

				ShowProgress objUserLDAP.sAMAccountName
				ShowProgress " Password was last changed " & dtmPwdChanged
				ShowProgress " Which was " & iTimeInterval & " days ago"

				If iMaxPwdAge < 0 Then
					ShowProgress " Password does not expire (Domain Policy's Maximum Password Age set to 0)"
				Else
					ShowProgress " The Domain Policy Max Password Age is " & iMaxPwdAge & " Days"

					If iTimeInterval >= iMaxPwdAge Then
						ShowProgress " The password has expired."
					Else
						ShowProgress " The password will expire in " & CInt((dtmPwdChanged + iMaxPwdAge) - Now()) & " Days"
					End If

				End If 'iMaxPwdAge
			End If 'intUACvalue

		End If
	Next ' arrMembers

End Sub ' PwdExpiryInfo


Function GetMembers(strGroup)
' Version 1.4
' Written by Krystian Karia
' Dated 04/05/2009

' Returns the LDAP path of each
' user from the given group

' Catch errors ourselves
	On Error Resume Next

' Declare variables
	Dim oGroup, oUser
	Dim strName
	Dim arrUsers

' Check parameters
	If strGroup = "" Then
		GetMembers = Null
		Exit Function
	End If

' Bind to group using the correct ADSI connector
	Set oGroup = GetObject("LDAP://" & strGroup)
	If Err.Number <> 0 Then
		Err.Clear
		ShowProgress "An error occurred binding to the group " & strGroup
		GetMembers = Null
		Exit Function
	End If

' Loop group members
	For Each oUser In oGroup.Members
		strName = strName & oUser.ADsPath & vbNewLine
	Next

' Create an array of members
	If Trim(strName) <> "" Then
		arrUsers = Split(strName, vbNewLine)
		GetMembers = arrUsers
	Else
		GetMembers = Null
	End If

	Err.Clear

End Function ' GetMembers


Function GetMaxPwdAge()
' Version 1.0

' Returns the Maximum Password Age
' which is usually set in the GPO
' named "Default Domain Policy"

' Catch errors ourselves
	On Error Resume Next

' Declare Variables
	Dim oRootDSE, oDomain, oMaxPwdAge
	Dim lngHighPart, lngLowPart
	Dim strDomainDN

' Get the current Domain DN
	Set oRootDSE = GetObject("LDAP://RootDSE")
	strDomainDN = oRootDSE.Get("DefaultNamingContext")

' Bind to current Domain
	Set oDomain = GetObject("LDAP://" & strDomainDN)
	Set oMaxPwdAge = oDomain.MaxPwdAge

' Get the 2 parts of the Integer8 value to get 2 32 bit values
	lngHighPart = oMaxPwdAge.HighPart
	lngLowPart = oMaxPwdAge.LowPart

' If the LowPart is less than 0 then we need to add 1 to the HighPart
	If (lngLowPart < 0) Then
		lngHighPart = lngHighPart + 1
	End If

' Return the value in Days
	GetMaxPwdAge = -((lngHighPart * 2^32) + lngLowPart)/(600000000 * 1440)

End Function ' GetMaxPwdAge


Sub ShowProgress(sComment)

	WScript.Echo sComment

End Sub

Sub EndScript

	WScript.Quit

End Sub

Question by:Cecilpierce
5 Comments
 
Accepted Solution

by: Shabarinath Ramadasan earned 500 total points
I would prefer using PowerShell here.
Install Quest PowerShell for Active Directory

Use this command
Get-QADUser |select-object displayname, passwordstatus

Cheerio
Shaba
 

Author Comment

by:Cecilpierce
Sorry, didn't know you replied. I tried to run your command but got an error



Windows PowerShell
Copyright (C) 2006 Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> Get-QADUser |select-object displayname, passwordstatus
The term 'Get-QADUser' is not recognized as a cmdlet, function, operable progra
m, or script file. Verify the term and try again.
At line:1 char:12
+ Get-QADUser  <<<< |select-object displayname, passwordstatus
PS C:\WINDOWS\system32>

 

Author Comment

by:Cecilpierce
Perfect, got it working! Thank you so much
 

Author Closing Comment

by:Cecilpierce
Just never used PowerShell, but I got it now
 

Author Comment

by:Cecilpierce
I need some clarification on this command. Yes, it did return the value of when the passwords expire for some users but not all users! It only shows for the months from present date to November. Any ideas as to why this is?
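
For the original goal of the question (how many users a new password-expiry GPO would affect), the following is an added example, not code from the thread or from Quest. It applies a proposed maximum age to each account's `pwdLastSet` and `userAccountControl` values, the same attributes the VBScript reads; the function name `Get-PasswordImpact`, the record property names and the sample accounts are constructed for illustration.

```powershell
# Added example. Get-PasswordImpact and the sample records are hypothetical.
$DontExpirePasswd = 0x10000   # ADS_UF_DONT_EXPIRE_PASSWD, the flag the VBScript tests

function Get-PasswordImpact {
    param(
        [Parameter(Mandatory = $true)] [object[]] $User,  # Name, UserAccountControl, PwdLastSet
        [Parameter(Mandatory = $true)] [int] $ProposedMaxAgeDays,
        [datetime] $AsOf = (Get-Date)
    )
    $asOfUtc = $AsOf.ToUniversalTime()
    foreach ($u in $User) {
        $expires = $null
        if ($u.UserAccountControl -band $DontExpirePasswd) {
            $status = 'NeverExpires'            # per-account flag overrides the domain policy
        } elseif ($u.PwdLastSet -eq 0) {
            $status = 'MustChangeAtNextLogon'   # pwdLastSet = 0: there is no date to age from
        } else {
            # pwdLastSet is a FILETIME: 100-ns intervals since 1601-01-01 UTC
            $expires = [datetime]::FromFileTimeUtc($u.PwdLastSet).AddDays($ProposedMaxAgeDays)
            if ($expires -le $asOfUtc) { $status = 'ExpiredOnRollout' } else { $status = 'ExpiresLater' }
        }
        [pscustomobject]@{ Name = $u.Name; Status = $status; ExpiresUtc = $expires }
    }
}

# Constructed sample data: four accounts relative to the date of the question.
$now = [datetime]::SpecifyKind([datetime]'2009-07-03', 'Utc')
$sample = @(
    [pscustomobject]@{ Name = 'alice';   UserAccountControl = 0x200;   PwdLastSet = $now.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'bob';     UserAccountControl = 0x200;   PwdLastSet = $now.AddDays(-10).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'svc-sql'; UserAccountControl = 0x10200; PwdLastSet = $now.AddDays(-900).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'newhire'; UserAccountControl = 0x200;   PwdLastSet = 0 }
)

$report = Get-PasswordImpact -User $sample -ProposedMaxAgeDays 90 -AsOf $now

# Per-account detail, then the head count per outcome for the proposed 90-day policy.
$report | Sort-Object Status, Name | Format-Table Name, Status, ExpiresUtc -AutoSize
$report | Group-Object Status | Format-Table Name, Count -AutoSize
```

Accounts reported as `ExpiredOnRollout` are the ones that would be forced to change their password as soon as the policy applies; `NeverExpires` accounts are unaffected by the GPO and are worth reviewing separately.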