Solved

domain password expire script

Posted on 2009-07-03
Last Modified: 2012-08-13
I need a script that will tell me when all user domain passwords will expire. I have found some, but they are not working. I found this one, but it tells me the name is wrong. I need to set my password expiry GPO and would like to know how many users will be affected.
Option Explicit
 
	Call PwdExpiryInfo
 
Sub PwdExpiryInfo()
' Version 1.0
' Written by Krystian Karia
' Dated 04/05/2009
 
' Gets a list of users from the group
' specified  and  then  checks  their
' Password Expiry date.
 
' NOTE: Script must be run in a CMD.exe
' window as: CScript.exe ScriptName.vbs
' This is due to the number of outputs
' that is created.
 
 
 
' Catch errors ourselves
' 	On Error Resume Next
 
' Declare Variables
	dim iTimeInterval, iMaxPwdAge
	Dim i, intUACvalue
	Dim dtmPwdChanged
	Dim objUserLDAP
	Dim arrMembers
 
	Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000	
	Const sGroup = "CN=Administrators,OU=Groups,DC=Domain,DC=local"	' < Specify your group name here
 
 
 
' Get the list of users from the given group
	arrMembers = GetMembers(sGroup)
		If IsNull(arrMembers) Then
			ShowProgress "Check your group name or its member list"
			EndScript
		End If
		
' Loop each user to check password expiry date
	For i = 0 to UBound(arrMembers)
		If arrMembers(i) <> "" Then
			ShowProgress ""
 
			Set objUserLDAP = GetObject(arrMembers(i))
				intUACvalue = objUserLDAP.Get("userAccountControl")
			
			If intUACvalue And ADS_UF_DONT_EXPIRE_PASSWD Then
				ShowProgress objUserLDAP.sAMAccountName
				ShowProgress " Password does not expire"
			Else
				dtmPwdChanged = objUserLDAP.PasswordLastChanged 
				iTimeInterval = CInt(Now - dtmPwdChanged)
				iMaxPwdAge = GetMaxPwdAge
				
				
					ShowProgress objUserLDAP.sAMAccountName 
					ShowProgress " Password was last changed " & dtmPwdChanged
					ShowProgress " Which was " & iTimeInterval & " days ago"
 
				If iMaxPwdAge < 0 Then
					ShowProgress " Password does not expire (Domain Policy's Maximum Password Age set to 0)"
				Else
					ShowProgress " The Domain Policy Max Password Age is " & iMaxPwdAge & " Days"
		
					If iTimeInterval >= iMaxPwdAge Then
						ShowProgress " The password has expired."
					Else
						ShowProgress " The password will expire in " & CInt((dtmPwdChanged + iMaxPwdAge) - Now()) & " Days"
					End If
				
				End If 'iMaxPwdAge
			End If 'intUACvalue
 
		End If 
	Next ' arrMembers
 
End Sub ' PwdExpiryInfo
 
 
Function GetMembers(strGroup)
' Version 1.4
' Written by Krystian Karia
' Dated 04/05/2009
 
' Returns the LDAP path of each
' user from the given group
 
' Catch errors ourselves
 	On Error Resume Next
 
' Declare variables
    Dim oGroup, oUser
    Dim strName
    Dim arrUsers
    
' Check parameters
	    If strGroup = "" Then
			GetMembers = Null
	        Exit Function
	    End If
 
' Bind to group using the correct ADSI connector
    Set oGroup = GetObject("LDAP://" & strGroup)
		If Err.Number <> 0 Then
			Err.Clear
			ShowProgress "An error occurred binding to the group " & strGroup
			GetMembers = Null
        	Exit Function
		End If
 
 
' Loop group members
		For Each oUser In oGroup.Members
	        strName = strName & oUser.ADsPath & vbNewLine
	    Next
 
' Create an array of members
		If Trim(strName) <> "" Then
			arrUsers = Split(strName, vbNewLine)
			GetMembers = arrUsers
		Else
			GetMembers = Null
		End If
 
	Err.Clear
 
 End Function ' GetMembers
 
 
Function GetMaxPwdAge()
' Version 1.0
 
' Returns the Maximum Password Age
' which is usually  set in the GPO
' named "Default Domain Policy"
 
' Catch errors ourselves
 	On Error Resume Next
 
' Declare Variables
	Dim oRootDSE, oDomain, oMaxPwdAge
	Dim lngHighPart, lngLowPart
	Dim strDomainDN
 
' Get the current Domain DN
	Set oRootDSE = GetObject("LDAP://RootDSE")
		strDomainDN = oRootDSE.Get("DefaultNamingContext")
 
' Bind to current Domain
	Set oDomain = GetObject("LDAP://" & strDomainDN)
		Set oMaxPwdAge = oDomain.MaxPwdAge
 
' Get the 2 parts of the Integer8 value to get 2 32 bit values
	lngHighPart = oMaxPwdAge.HighPart
	lngLowPart = oMaxPwdAge.LowPart
 
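' A LowPart of 0 means the domain policy is set to never expire;
' return -1 so the caller's "iMaxPwdAge < 0" test reports it
		If lngLowPart = 0 Then
			GetMaxPwdAge = -1
			Exit Function
		End If

' If the LowPart is less than 0 then we need to add 1 to the HighPart
		If (lngLowPart < 0) Then
			lngHighPart = lngHighPart + 1
		End If
	
' Return the value in Days
		GetMaxPwdAge = -((lngHighPart * 2^32) + lngLowPart)/(600000000 * 1440)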
 
 
End Function ' GetMaxPwdAge
 
 
Sub ShowProgress(sComment)
 
	WScript.Echo sComment
 
End Sub
 
Sub EndScript
 
	WScript.Quit
	
End Sub


0
Comment
Question by:Cecilpierce
5 Comments
 
LVL 14

Accepted Solution

by:
Shabarinath Ramadasan earned 500 total points
ID: 24776935
I would prefer using PowerShell here.
Install Quest PowerShell for Active Directory.

Use this command:
Get-QADUser |select-object displayname, passwordstatus

Cheerio
Shaba

0
 

Author Comment

by:Cecilpierce
ID: 24827633
Sorry, didn't know you replied. I tried to run your command but got an error.



Windows PowerShell
Copyright (C) 2006 Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> Get-QADUser |select-object displayname, passwordstatus
The term 'Get-QADUser' is not recognized as a cmdlet, function, operable progra
m, or script file. Verify the term and try again.
At line:1 char:12
+ Get-QADUser  <<<< |select-object displayname, passwordstatus
PS C:\WINDOWS\system32>

0
 

Author Comment

by:Cecilpierce
ID: 24828120
Perfect, got it working! Thank you so much.
0
 

Author Closing Comment

by:Cecilpierce
ID: 31599670
Just never used PowerShell, but I got it now.
0
 

Author Comment

by:Cecilpierce
ID: 24862876
I need some clarification on this command. Yes, it did return the value of when the passwords expire for some users, but not all users! It only shows for the months from present date to November. Any ideas as to why this is?
0
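
Added example, not part of the thread and not code from any poster: the question's goal of counting how many users a proposed maximum password age would affect, using the same three inputs as the VBScript in the question (the DONT_EXPIRE_PASSWD flag, the password-last-set time, the maximum age). The function names and the sample accounts are hypothetical and constructed so the script runs offline.

```powershell
# Added example; the accounts below are constructed sample data, not from the thread.
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # same flag the VBScript in the question tests

function Get-PasswordExpiryImpact {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,  # SamAccountName, UserAccountControl, PwdLastSet
        [Parameter(Mandatory)] [int] $MaxPwdAgeDays,  # proposed policy value; 0 = never expire
        [datetime] $AsOf = ([datetime]::UtcNow)
    )
    foreach ($a in $Accounts) {
        $expires = $null
        if ($a.UserAccountControl -band $ADS_UF_DONT_EXPIRE_PASSWD) {
            $status = 'NeverExpires (account flag)'
        } elseif ($MaxPwdAgeDays -le 0) {
            $status = 'NeverExpires (policy)'
        } elseif ($a.PwdLastSet -eq 0) {
            $status = 'MustChangeAtNextLogon'      # pwdLastSet = 0 carries no date to age
        } else {
            # pwdLastSet is a FILETIME (100 ns ticks since 1601-01-01 UTC)
            $expires = [datetime]::FromFileTimeUtc($a.PwdLastSet).AddDays($MaxPwdAgeDays)
            $status  = if ($expires -le $AsOf) { 'Expired' } else { 'Valid' }
        }
        [pscustomobject]@{
            SamAccountName = $a.SamAccountName
            Status         = $status
            ExpiresUtc     = $expires
            DaysLeft       = if ($null -ne $expires) { [math]::Floor(($expires - $AsOf).TotalDays) } else { $null }
        }
    }
}

# Hypothetical helper that builds one constructed account record.
function New-SampleAccount($Name, $Uac, $DaysAgo, $AsOf) {
    $pls = if ($null -eq $DaysAgo) { 0 } else { $AsOf.AddDays(-$DaysAgo).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = $Name; UserAccountControl = $Uac; PwdLastSet = $pls }
}

$asOf   = [datetime]::UtcNow
$sample = @(
    New-SampleAccount 'alice'   512 10    $asOf
    New-SampleAccount 'bob'     512 75    $asOf
    New-SampleAccount 'svc-sql' (512 -bor $ADS_UF_DONT_EXPIRE_PASSWD) 400 $asOf
    New-SampleAccount 'carol'   512 $null $asOf
)
# Assumption: on a live domain the same fields could come from the ActiveDirectory
# module instead, e.g. Get-ADUser -Filter * -Properties pwdLastSet,userAccountControl
$report = Get-PasswordExpiryImpact -Accounts $sample -MaxPwdAgeDays 60 -AsOf $asOf
$report | Format-Table -AutoSize
$report | Group-Object Status | Select-Object Count, Name
```

Accounts grouped under Expired are the ones that would be forced to change their password as soon as the proposed maximum age takes effect.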
