Solved

VBScript: PW Set to Never Expire

Posted on 2011-03-10
Last Modified: 2012-08-14
Hi Experts,

I'm trying to pull all ACTIVE accounts that start with "NPS" that are set to "NEVER EXPIRE" in Active Directory. The search would be based off their UPN prefix, i.e. "NPS0123456".

Logic:

1.) Pull all active accounts where their UPN prefix begins with "NPS". Example filter to use in script:

(&(objectCategory=person)(objectClass=user)(userPrincipalName=NPS*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));adsPath,userPrincipalName;Subtree"

2.) Pull all active NPS accounts that are set to "NEVER EXPIRE"

3.) Produce and output report i.e. CSV with these finds.

Any help you can provide is GREATLY APPRECIATED.

Thanks!
Question by:itsmevic

Accepted Solution

by:
David Lee earned 500 total points
ID: 35098174
Hi, itsmevic.

This should do it.
Const ADS_UF_SCRIPT = 1
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_HOMEDIR_REQUIRED = 8
Const ADS_UF_LOCKOUT = 16
Const ADS_UF_PASSWD_NOTREQD = 32
Const ADS_UF_PASSWD_CANT_CHANGE = 64
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128
Const ADS_UF_TEMP_DUPLICATE_ACCOUNT = 256
Const ADS_UF_NORMAL_ACCOUNT = 512
Const ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 2048
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = 4096
Const ADS_UF_SERVER_TRUST_ACCOUNT = 8192
Const ADS_UF_DONT_EXPIRE_PASSWD = 65536
Const ADS_UF_MNS_LOGON_ACCOUNT = 131072
Const ADS_UF_SMARTCARD_REQUIRED = 262144
Const ADS_UF_TRUSTED_FOR_DELEGATION = 524288
Const ADS_UF_NOT_DELEGATED = 1048576
Const ADS_UF_USE_DES_KEY_ONLY = 2097152
Const ADS_UF_DONT_REQUIRE_PREAUTH = 4194304
Const ADS_UF_PASSWORD_EXPIRED = 8388608
Const ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 16777216


Dim adoCmd, adoCon, adoRS, objUser, objFSO, objFil

Set objFSO = CreateObject("Scripting.fileSystemObject")
Set objFil = objFSO.CreateTextFile("C:\Non-expiring Accounts.csv",True)

Set adoCon = CreateObject("ADODB.Connection")
adoCon.Provider = "ADsDSOObject"
adoCon.CursorLocation = 3
adoCon.Open "ADSI"
Set adoCmd = CreateObject("ADODB.Command")
adoCmd.ActiveConnection = adoCon
'On the next line enter your domain name in place of company.com'
adoCmd.CommandText = "SELECT userPrincipalName,userAccountControl,ADsPath FROM 'LDAP://company.com' WHERE objectClass='user' AND objectCategory='Person' ORDER BY userPrincipalName"
adoCmd.Properties("Size Limit") = 5000
adoCmd.Properties("Page Size") = 100
adoCmd.Properties("Timeout") = 30
adoCmd.Properties("Cache Results") = False
Set adoRS = adoCmd.Execute()

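Do Until adoRS.EOF
	' The query returns every user object, so filter here: UPN starts with "NPS",
	' the "password never expires" bit is set, and the account is not disabled.
	If Left(adoRS.Fields("userPrincipalName").Value & "", 3) = "NPS" Then
		If (adoRS.Fields("userAccountControl").Value And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 _
		   And (adoRS.Fields("userAccountControl").Value And ADS_UF_ACCOUNTDISABLE) = 0 Then
			objFil.WriteLine adoRS.Fields("userPrincipalName").Value
		End If
	End If
	adoRS.MoveNext
Loop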
objFil.Close
Set objFil = Nothing
Set objFSO = Nothing
adoRS.Close
Set adoRS = Nothing
adoCon.Close
Set adoCon = Nothing
Set adoCmd = Nothing
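
The same report driven by the LDAP filter from the question, extended with a second bitwise-AND clause for the DONT_EXPIRE_PASSWD bit (65536) so the domain controller returns only enabled NPS accounts whose passwords never expire. This is an added example, not code from the thread; the RootDSE search base, the extra sAMAccountName and distinguishedName columns and the CsvField helper are assumptions.

```vbscript
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_DONT_EXPIRE_PASSWD = 65536
Const BIT_AND_RULE = "1.2.840.113556.1.4.803"   ' LDAP_MATCHING_RULE_BIT_AND
Const REPORT_PATH = "C:\Non-expiring Accounts.csv"

Dim objRootDSE, strBase, strFilter, strAttrs, arrAttrs, i, strLine, adoCon, adoCmd, adoRS, objFSO, objFil
' Assumption: search the domain of the account running the script.
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"

' The asker's filter (person/user, UPN starts with NPS, not disabled) plus a
' second bitwise-AND clause that requires the "password never expires" bit.
strFilter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName=NPS*)" & _
            "(!(userAccountControl:" & BIT_AND_RULE & ":=" & ADS_UF_ACCOUNTDISABLE & "))" & _
            "(userAccountControl:" & BIT_AND_RULE & ":=" & ADS_UF_DONT_EXPIRE_PASSWD & "))"
strAttrs = "userPrincipalName,sAMAccountName,distinguishedName"
arrAttrs = Split(strAttrs, ",")

Set adoCon = CreateObject("ADODB.Connection")
adoCon.Provider = "ADsDSOObject"
adoCon.Open "Active Directory Provider"
Set adoCmd = CreateObject("ADODB.Command")
Set adoCmd.ActiveConnection = adoCon
adoCmd.CommandText = strBase & ";" & strFilter & ";" & strAttrs & ";subtree"
adoCmd.Properties("Page Size") = 500   ' paged search: results are not capped at one page
Set adoRS = adoCmd.Execute

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFil = objFSO.CreateTextFile(REPORT_PATH, True)
objFil.WriteLine strAttrs               ' header row
Do Until adoRS.EOF
    strLine = ""
    For i = 0 To UBound(arrAttrs)
        If i > 0 Then strLine = strLine & ","
        strLine = strLine & CsvField(adoRS.Fields(arrAttrs(i)).Value)
    Next
    objFil.WriteLine strLine
    adoRS.MoveNext
Loop
objFil.Close
adoRS.Close
adoCon.Close

' Quote every value: distinguished names contain commas.
Function CsvField(ByVal v)
    If IsNull(v) Then v = ""
    CsvField = """" & Replace(CStr(v), """", """""") & """"
End Function
```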
