suriyaehnop

Password Age Script

I have been using this script in my environment for a long time. It worked quite well on Windows Server 2003. After migrating to Windows Server 2008, I feel that the script does not work as before. The script stops working, and when I try to delete the output file, the message in the screenshot appears. What I have to do is restart the server so that I can delete the output file (txt file), create a new one, and then run the script again (scheduled using Task Scheduler). One more thing that I found: when the script runs the password age query and it is time to send an email notification, it fails for those who don't have an email address in their AD user account properties. If this problem occurs, the script stops checking the other AD users.

Is it possible to let the script query only AD users with a mailbox enabled? Or if there is another script (PowerShell) that is able to send a notification to the user and produce an output file, then send the file to the administrator, kindly share.

' John Savill 8th June 2005
' Runs check on last password change date
'
Option Explicit
 
Dim objCommand, objConnection, objChild, objUserConnection, strBase, strFilter, strAttributes, intPassAge
Dim lngTZBias, objPwdLastSet, strEmailAddress, objMessage
Dim objShell, lngBiasKey, k, PasswordExpiry, strRootDomain
Dim strQuery, objRecordset, strName, strCN, objLogfile, objFSO 
Dim oWshShell : Set oWshShell = CreateObject("WScript.Shell")
Dim strNoOfDays
Dim objRootDSE, strPasswordChangeDate
 
' ********************* CHANGE THESE VALUES TO PASSWORD EXPIRY AND ROOT OF WHERE USERS WILL BE SEARCHED ***********************************
 
PasswordExpiry=90
'strRootDomain="dc=sapura,dc=com"
Set objRootDSE = GetObject("LDAP://RootDSE")
strRootDomain = objRootDSE.get("defaultNamingContext")
 
' *****************************************************************************************************************************************
'create logfile
Const ForWriting = 2
 
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.CreateTextFile("PasswordExpirelog.txt", _ 
    ForWriting, True)
'objLogFile.Writeline "List of users With Password That Nearly Expire" 
objLogFile.Writeline "*********************************************" 
objLogFile.Writeline
 
 
' Obtain local Time Zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
  lngTZBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
  lngTZBias = 0
  For k = 0 To UBound(lngBiasKey)
    lngTZBias = lngTZBias + (lngBiasKey(k) * 256^k)
  Next
End If
 
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strRootDomain & ">"
 
strFilter = "(&(objectCategory=person)(objectClass=user))"
strFilter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(!mail=SystemMailbox{1774B3FC-F88F-4B94-BE49-E23BF6796401}@sapura.com.my))"
strAttributes = "displayName,cn,mail,pwdLastSet,distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
oWshShell.Popup "Running at " & Date(), 1
 
 
Do While Not objRecordSet.EOF
  strName = objRecordSet.Fields("displayName").Value
  strCN = objRecordSet.Fields("cn").value
  strEmailAddress = objRecordSet.Fields("mail").value
  oWshShell.Popup "NT Name: " & strName & ", Common Name: " & strCN, 1
  
' write user info to logfile
 
 'oWshShell.Popup vbtab & "DistinguishedName: " & objRecordSet.Fields("distinguishedName").Value, 1
  On Error Resume Next
  Set objUserConnection = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
  If Err.Number = 0 Then
	  On Error GoTo 0
	  Set objPwdLastSet = objUserConnection.pwdLastSet
	  strPasswordChangeDate = Integer8Date(objPwdLastSet, lngTZBias)
	 
	  'oWshShell.Popup vbTab & "Password last changed at " & strPasswordChangeDate, 1
	  intPassAge = DateDiff("d", strPasswordChangeDate, Now)
	  oWshShell.Popup vbTab & "Password changed " & intPassAge & " days ago", 1
	 
	  If intPassAge = (PasswordExpiry-1) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 1 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 1 " & " days"  
	  objLogFile.Writeline 
	  Call SendEmailMessage(strEmailAddress, 1) 
	 
	  ElseIf intPassAge = (PasswordExpiry-2) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 2 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 2 " & " days" 
	  objLogFile.Writeline  
	  Call SendEmailMessage(strEmailAddress, 2) 
	  
	  ElseIf intPassAge = (PasswordExpiry-3) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 3 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 3 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 3) 
	 
	  ElseIf intPassAge = (PasswordExpiry-4) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 4 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 4 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 4) 
	 
	 
	  ElseIf intPassAge = (PasswordExpiry-5) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 5 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 5 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 5)
	 
	  ElseIf intPassAge = (PasswordExpiry-6) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 6 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 6 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 6)
	 
	  ElseIf intPassAge = (PasswordExpiry-7) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 7 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 7 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 7)

          ElseIf intPassAge = (PasswordExpiry-12) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 12 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 12 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 12)

          ElseIf intPassAge = (PasswordExpiry-13) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 13 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 13 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 13)
	 
	  ElseIf intPassAge = (PasswordExpiry-14) Then
	  oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 14 days", 1
	  objLogFile.Writeline " Display Name :" & strName 
	  objLogFile.Writeline " Email        :" & strEmailAddress
	  objLogFile.Writeline " Password Expires in 14 " & " days"
	  objLogFile.Writeline
	  Call SendEmailMessage(strEmailAddress, 14)
	 
	 
	  
	  End If
	Else
	   Err.Clear
	   On Error GoTo 0
	   oWshShell.Popup vbtab & "Error binding to " & objRecordSet.Fields("distinguishedName").Value, 1
	End If
 
  objRecordSet.MoveNext
Loop
 
objConnection.Close
 
Function Integer8Date(objDate, lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
  Dim lngAdjust, lngDate, lngHigh, lngLow
  lngAdjust = lngBias
  lngHigh = objDate.HighPart
  lngLow = objdate.LowPart
  ' Account for error in IADslargeInteger property methods.
  If lngLow < 0 Then
    lngHigh = lngHigh + 1
  End If
  If (lngHigh = 0) And (lngLow = 0) Then
    lngAdjust = 0
  End If
  lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
  + lngLow) / 600000000 - lngAdjust) / 1440
' Trap error if lngDate is overly large
  On Error Resume Next
  Integer8Date = CDate(lngDate)
  If Err.Number <> 0 Then
    On Error GoTo 0
    Integer8Date = #1/1/1601#
  End If
  On Error GoTo 0
End Function
 
Sub SendEmailMessage(strDestEmail, strNoOfDays)
  Set objMessage = CreateObject("CDO.Message") 
  objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "send.sapura.com.my"
  objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
  objMessage.Configuration.Fields.Update
  objMessage.Subject = "Password Expires in " & strNoOfDays & " days" 
  objMessage.From = "Password-Notifier@sapura.com.my" 
  objMessage.To = strDestEmail ' use the Sub's parameter rather than the global variable
  objMessage.TextBody = "Your password expires in " & strNoOfDays & " day/s. Please change your password at http://webmail.sapura.com.my to prevent further logon problems." & vbCRLF & vbCRLF & vbCRLF & vbCRLF  & "Regards," & vbCRLF & vbCRLF & "Sapura Postmaster"
  'objLogFile.Writeline
  'objLogFile.Writeline
  'objMessage.TextBody = "Regards,"
  'objLogFile.Writeline
  'objMessage.TextBody = "Sapura Postmaster"
   objMessage.Send
End Sub

Test.png

ThinkPaper

Not sure if it will resolve it, but make sure you are "closing" all your loose ends at the end of the script

objLogFile.close
Set objLogFile = NOTHING
Set oWshShell = NOTHING

As part of a script I use, I run an LDAP query where I am checking for the name & email. If the AD account has an email address then I send an email to the user and add their info to a table; if there is no email I only add it to a table. (strUserName is a variable used to house the AD user name passed to it from a function call.)

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.CommandText = "Select DistinguishedName, mail, cn from 'LDAP://DC=yourdomain,DC=com' Where objectCategory='user' AND SAMAccountName  = '" & strUserName & "'"
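
The two suggestions above (close the log file when the run ends, and only mail accounts that actually have an address) combined into one short script. This is an added example, not code from any poster in this thread; the SMTP host, the sender address and the single 1-to-14-day warning window are assumptions, and time zone bias is ignored.

```vbscript
' Added example, not the poster's script. SMTP_SERVER, MAIL_FROM and the
' 14-day warning window are assumptions; time zone bias is ignored here.
Option Explicit
Const SMTP_SERVER = "smtp.example.com", MAIL_FROM = "notifier@example.com"
Const MAX_AGE = 90, WARN_DAYS = 14
Const CDO_CFG = "http://schemas.microsoft.com/cdo/configuration/"
Dim objFSO, objLog, objConn, objCmd, objRS, strMail, intLeft
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLog = objFSO.CreateTextFile("PasswordExpirelog.txt", True)
Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject" : objConn.Open "Active Directory Provider"
Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
' (mail=*) keeps only accounts with a mail attribute; (pwdLastSet>=1) drops
' accounts whose password was never set; the last clause skips "never expires".
objCmd.CommandText = "<LDAP://" & GetObject("LDAP://RootDSE").Get("defaultNamingContext") & _
  ">;(&(objectCategory=person)(objectClass=user)(mail=*)(pwdLastSet>=1)" & _
  "(!userAccountControl:1.2.840.113556.1.4.803:=65536));displayName,mail,pwdLastSet;subtree"
objCmd.Properties("Page Size") = 100
Set objRS = objCmd.Execute
Do While Not objRS.EOF
  strMail = objRS.Fields("mail").Value
  intLeft = MAX_AGE - PwdAgeDays(objRS.Fields("pwdLastSet").Value)
  If Not IsNull(strMail) And intLeft >= 1 And intLeft <= WARN_DAYS Then TrySend strMail, intLeft
  objRS.MoveNext
Loop
' Close every handle so the log file is not left locked after the run.
objRS.Close : objConn.Close : objLog.Close
Set objLog = Nothing : Set objFSO = Nothing

Function PwdAgeDays(objLI)   ' objLI: IADsLargeInteger, 100-ns ticks since 1601 (UTC)
  Dim lngHigh : lngHigh = objLI.HighPart
  If objLI.LowPart < 0 Then lngHigh = lngHigh + 1   ' LowPart comes back signed
  PwdAgeDays = DateDiff("d", CDate(#1/1/1601# + (lngHigh * 2 ^ 32 + objLI.LowPart) / 864000000000), Now)
End Function

Sub TrySend(strTo, intDays)
  Dim objMsg, strState
  On Error Resume Next       ' a failed send is logged and the loop keeps going
  Set objMsg = CreateObject("CDO.Message")
  objMsg.Configuration.Fields.Item(CDO_CFG & "sendusing") = 2
  objMsg.Configuration.Fields.Item(CDO_CFG & "smtpserver") = SMTP_SERVER
  objMsg.Configuration.Fields.Update
  objMsg.From = MAIL_FROM : objMsg.To = strTo
  objMsg.Subject = "Password expires in " & intDays & " day(s)"
  objMsg.TextBody = "Your password expires in " & intDays & " day(s). Please change it."
  objMsg.Send
  If Err.Number <> 0 Then strState = "FAILED (" & Err.Description & ")" Else strState = "SENT"
  objLog.WriteLine strState & " " & strTo & ", " & intDays & " day(s) left"
  Err.Clear : On Error GoTo 0
End Sub
```

Because the file is closed before the script exits, it can be attached to a report mail or deleted afterwards without restarting the server.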

suriyaehnop (ASKER)

Hi Cpedigo,

I am interested in your script. Is it possible to combine it with my script? And what would the final script look like?
ASKER CERTIFIED SOLUTION
Craig Pedigo

This solution is only available to members.