  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 363

VBScript: PW Set to Never Expire

Hi Experts,

    I'm trying to pull all ACTIVE accounts that start with "NPS" that are set to "NEVER EXPIRE" in Active Directory. The search would be based off their UPN prefix, i.e. "NPS0123456".

Logic:

1.)  Pull all active accounts where their UPN prefix begins with "NPS" Example filter to use in Script:

(&(objectCategory=person)(objectClass=user)(userPrincipalName=NPS*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));adsPath,userPrincipalName;Subtree"

2.)  Pull all active NPS accounts that are set to "NEVER EXPIRE"

3.)  Produce an output report, i.e. a CSV, with these finds.

    Any help you can provide is GREATLY APPRECIATED.

Thanks!
Asked by: itsmevic
David Lee commented:
Hi, itsmevic.

This should do it.
Const ADS_UF_SCRIPT = 1
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_HOMEDIR_REQUIRED = 8
Const ADS_UF_LOCKOUT = 16
Const ADS_UF_PASSWD_NOTREQD = 32
Const ADS_UF_PASSWD_CANT_CHANGE = 64
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128
Const ADS_UF_TEMP_DUPLICATE_ACCOUNT = 256
Const ADS_UF_NORMAL_ACCOUNT = 512
Const ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 2048
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = 4096
Const ADS_UF_SERVER_TRUST_ACCOUNT = 8192
Const ADS_UF_DONT_EXPIRE_PASSWD = 65536
Const ADS_UF_MNS_LOGON_ACCOUNT = 131072
Const ADS_UF_SMARTCARD_REQUIRED = 262144
Const ADS_UF_TRUSTED_FOR_DELEGATION = 524288
Const ADS_UF_NOT_DELEGATED = 1048576
Const ADS_UF_USE_DES_KEY_ONLY = 2097152
Const ADS_UF_DONT_REQUIRE_PREAUTH = 4194304
Const ADS_UF_PASSWORD_EXPIRED = 8388608
Const ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 16777216


Dim adoCmd, adoCon, adoRS, objUser, objFSO, objFil

Set objFSO = CreateObject("Scripting.fileSystemObject")
Set objFil = objFSO.CreateTextFile("C:\Non-expiring Accounts.csv",True)

Set adoCon = CreateObject("ADODB.Connection")
adoCon.Provider = "ADsDSOObject"
adoCon.CursorLocation = 3
adoCon.Open "ADSI"
Set adoCmd = CreateObject("ADODB.Command")
adoCmd.ActiveConnection = adoCon
'On the next line enter your domain name in place of company.com'
adoCmd.CommandText = "SELECT userPrincipalName,userAccountControl,ADsPath FROM 'LDAP://company.com' WHERE objectClass='user' AND objectCategory='Person' ORDER BY userPrincipalName"
adoCmd.Properties("Size Limit") = 5000
adoCmd.Properties("Page Size") = 100
adoCmd.Properties("Timeout") = 30
adoCmd.Properties("Cache Results") = False
Set adoRS = adoCmd.Execute()

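Do Until adoRS.EOF
	'Compare the UPN prefix case-insensitively; & "" guards against a missing (Null) UPN
	If UCase(Left(adoRS.Fields("userPrincipalName").Value & "",3)) = "NPS" Then
		'Skip disabled accounts: only active accounts belong in the report
		If (adoRS.Fields("userAccountControl").Value And ADS_UF_ACCOUNTDISABLE) = 0 Then
			'Report the account when the password-never-expires flag is set
			If (adoRS.Fields("userAccountControl").Value And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
				objFil.WriteLine adoRS.Fields("userPrincipalName").Value
			End If
		End If
	End If
	adoRS.MoveNext
Loop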
objFil.Close
Set objFil = Nothing
Set objFSO = Nothing
adoRS.Close
Set adoRS = Nothing
adoCon.Close
Set adoCon = Nothing
Set adoCmd = Nothing

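Added example, not part of the answer above or of the original thread: a Python sketch showing that the whole check can be expressed in the LDAP filter from the question by adding a second bitwise-AND clause for the never-expire bit (65536), with the same test applied client-side to constructed sample rows. The function names and the sample UPNs are assumptions made for the illustration.

```python
import csv
import io

ADS_UF_ACCOUNTDISABLE = 2           # values as in the constants listed in the answer
ADS_UF_DONT_EXPIRE_PASSWD = 65536
BIT_AND = "1.2.840.113556.1.4.803"  # bitwise-AND matching rule from the question's filter

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a prefix cannot change the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def build_filter(prefix):
    """Server-side filter: enabled users with the UPN prefix and the never-expire bit."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(userPrincipalName={escape_filter_value(prefix)}*)"
            f"(!(userAccountControl:{BIT_AND}:={ADS_UF_ACCOUNTDISABLE}))"
            f"(userAccountControl:{BIT_AND}:={ADS_UF_DONT_EXPIRE_PASSWD}))")

def matches(upn, uac, prefix="NPS"):
    """Client-side equivalent of build_filter() for one (UPN, userAccountControl) pair."""
    if not upn or not upn.upper().startswith(prefix.upper()):
        return False                      # missing UPN or wrong prefix
    if uac & ADS_UF_ACCOUNTDISABLE:
        return False                      # disabled, so not an active account
    return bool(uac & ADS_UF_DONT_EXPIRE_PASSWD)

def report(rows, prefix="NPS"):
    """Return CSV text (with a header row) listing the matching accounts."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["userPrincipalName", "userAccountControl"])
    writer.writerows((upn, uac) for upn, uac in rows if matches(upn, uac, prefix))
    return buf.getvalue()

# Constructed sample rows (not real accounts): (userPrincipalName, userAccountControl)
SAMPLE = [
    ("NPS0123456@company.com", 66048),  # 512 + 65536: enabled, never expires
    ("NPS0000002@company.com", 66050),  # 512 + 65536 + 2: disabled, never expires
    ("NPS0000003@company.com", 512),    # enabled, password expires normally
    ("nps0000004@company.com", 66048),  # lower-case prefix, matched case-insensitively here
    ("ABC0000005@company.com", 66048),  # wrong prefix
    (None, 66048),                      # no UPN set
]

if __name__ == "__main__":
    print(build_filter("NPS"))
    print(report(SAMPLE), end="")
```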
