Solved

VBScript:  PW Set to Never Expire

Posted on 2011-03-10
1
356 Views
Last Modified: 2012-08-14
Hi Experts,

    I'm trying to pull all  ACTIVE accounts that start with "NPS" that are set to "NEVER EXPIRE" in Active Directory.  The search would be based off their UPN prefix. i.e. "NPS0123456"

Logic:

1.)  Pull all active accounts where their UPN prefix begins with "NPS" Example filter to use in Script:

(&(objectCategory=person)(objectClass=user)(userPrincipalName=NPS*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)));adsPath,userPrincipalName;Subtree"

2.)  Pull all active NPS accounts that are set to "NEVER EXPIRE"

3.)  Produce and output report i.e. CSV with these finds.

    Any help you can provide is GREATLY APPRECIATED.

Thanks!
0
Comment
Question by:itsmevic
1 Comment
 
LVL 76

Accepted Solution

by:
David Lee earned 500 total points
ID: 35098174
Hi, itsmevic.

This should do it.
Const ADS_UF_SCRIPT = 1
Const ADS_UF_ACCOUNTDISABLE = 2
Const ADS_UF_HOMEDIR_REQUIRED = 8
Const ADS_UF_LOCKOUT = 16
Const ADS_UF_PASSWD_NOTREQD = 32
Const ADS_UF_PASSWD_CANT_CHANGE = 64
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 128
Const ADS_UF_TEMP_DUPLICATE_ACCOUNT = 256
Const ADS_UF_NORMAL_ACCOUNT = 512
Const ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 2048
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT = 4096
Const ADS_UF_SERVER_TRUST_ACCOUNT = 8192
Const ADS_UF_DONT_EXPIRE_PASSWD = 65536
Const ADS_UF_MNS_LOGON_ACCOUNT = 131072
Const ADS_UF_SMARTCARD_REQUIRED = 262144
Const ADS_UF_TRUSTED_FOR_DELEGATION = 524288
Const ADS_UF_NOT_DELEGATED = 1048576
Const ADS_UF_USE_DES_KEY_ONLY = 2097152
Const ADS_UF_DONT_REQUIRE_PREAUTH = 4194304
Const ADS_UF_PASSWORD_EXPIRED = 8388608
Const ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 16777216


Dim adoCmd, adoCon, adoRS, objUser, objFSO, objFil

Set objFSO = CreateObject("Scripting.fileSystemObject")
Set objFil = objFSO.CreateTextFile("C:\Non-expiring Accounts.csv",True)

Set adoCon = CreateObject("ADODB.Connection")
adoCon.Provider = "ADsDSOObject"
adoCon.CursorLocation = 3
adoCon.Open "ADSI"
Set adoCmd = CreateObject("ADODB.Command")
adoCmd.ActiveConnection = adoCon
'On the next line enter your domain name in place of company.com'
adoCmd.CommandText = "SELECT userPrincipalName,userAccountControl,ADsPath FROM 'LDAP://company.com' WHERE objectClass='user' AND objectCategory='Person' ORDER BY userPrincipalName"
adoCmd.Properties("Size Limit") = 5000
adoCmd.Properties("Page Size") = 100
adoCmd.Properties("Timeout") = 30
adoCmd.Properties("Cache Results") = False
Set adoRS = adoCmd.Execute()

Do Until adoRS.EOF
	Set objUser = GetObject(adoRS.Fields("ADsPath"))
	If Left(adoRS.Fields("userPrincipalName").Value,3) = "NPS" Then
		If (adoRS.Fields("userAccountControl") And ADS_UF_DONT_EXPIRE_PASSWD) Then
			objFil.WriteLine adoRS.Fields("userPrincipalName").Value
		End If
	End If
	adoRS.MoveNext
Loop
objFil.Close
Set objFil = Nothing
Set objFSO = Nothing
adoRS.Close
Set adoRS = Nothing
adoCon.Close
Set adoCon = Nothing
Set adoCmd = Nothing

Open in new window

0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question