Solved

Add code to VBScript for password change

Posted on 2011-03-24
31
1,107 Views
Last Modified: 2012-05-11
I found the following code and made a couple of minor changes. The code looks up Active Directory for the users password age and produces a pop-up if the password will expire in 14 days or less. What I would like to do is alter the code so that I could add variables, like vacation periods, so if their password will expire over break the pop-up will be displayed before the break period.
For instance:
The users password will expire in 45 days. Summer break is coming up, which lasts 70 days. The 14 days setting will not help in this instance. I have 4 vacation periods that I would like to add to the script.
Not sure what the best way to do this. Maybe a Select Case code using current date then 4 selected dates. Any other time the 14 day setting should apply.

Thanks!

 
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 14

Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName

Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays

'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then

MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing

Open in new window

0
Comment
Question by:ivanoviola
  • 14
  • 13
  • 4
31 Comments
 
LVL 4

Expert Comment

by:dagesi
ID: 35210869
So, you mean you have a set of vacation periods during which time changing the password will not be an option, right?

If you were to add a SELECT CASE structure after line 39 where the SELECT CASE is Date + daysleft

and the CASE are the ranges of your vacations,e.g. CASE 160-230
then whenever the Date + daysleft falls into the CASEs, set a flag to True
change daysleft to the lower end of your CASE - Date
and then add a second IF statement before line 42 that will check the flag, and cause a different message to be displayed, referencing the fact the password will expire over the break.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35211740
Well, I would like them to be prompted to change their password before they leave for vacation.

For example. The current script checks Active Directory for their users password age. If the password is due to expire in 14 days or less it will produce a pop-up message.

Here are the breaks.
Break 1: June 1 - Sept 1
Break 2: Dec 1 - Jan1
Break 3: Mar 1 - Apl 1

This is what I'm trying to do.
The script checks Active Directory for the users password age then it checks for the current date. If the current date matches any of the above date ranges it should produce the custom msg box for that date. Something like this:

Select Case Break
  Case "Break 1"
    'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
  Case "Break 2"
  Same as above but with different message.
  Case "Break 3"
   Same as above but with different message.
  Case Else
  Continue to standard 14 day age()
End Select

I hope that makes sense.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35212037
One thing....if the current date falls in one of those date ranges, the script will have to work out if the password will expire during this time. If not then the script should proceed as normal (14 day warning).
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35212335
Hi, try this.  Add the dates in objBreaks.

Regards,

Rob.
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 14

Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName

Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays

'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged

Set objBreaks = CreateObject("Scripting.Dictionary")
objBreaks.Add "01-Jun-2011", "01-Sep-2011"
objBreaks.Add "01-Dec-2011", "01-Jan-2012"
objBreaks.Add "01-Mar-2012", "01-Apr-2012"

If daysLeft > -1 Then
	If (daysLeft < warningDays) Then
		MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
	Else
		For Each strStart In objBreaks
			strEnd = objBreaks(strStart)
			intDaysToStartOfBreak = DateDiff("d", Now, CDate(strStart))
			intDaysToEndOfBreak = DateDiff("d", Now, CDate(strEnd))
			If daysLeft >= intDaysToStartOfBreak And daysLeft <= intDaysToEndOfBreak Then
				MsgBox "You password will expire between " & strStart & " and " & strEnd & VbCrLf & VbCrLf & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
			End If
		Next
	End If
End If
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing

Open in new window

0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35212444
I think I'm not explaining what I want correctly. Sorry.

Currently the script checks AD for your password age and and if it expires in 14 days or less it will produce a message.

We have 3 breaks during the year. I would like the students to change their passwords if it works out that their passwords will expire during the break (between the date range specified). This will need to occur 14 days (and less) before the break begins. I would like to have a separate message for each date range. Outside of the dates ranges, the standard 14 days notice should apply.

Let me know if you have any questions.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35212478
Ok, try replacing this:
		For Each strStart In objBreaks
			strEnd = objBreaks(strStart)
			intDaysToStartOfBreak = DateDiff("d", Now, CDate(strStart))
			intDaysToEndOfBreak = DateDiff("d", Now, CDate(strEnd))
			If daysLeft >= intDaysToStartOfBreak And daysLeft <= intDaysToEndOfBreak Then
				MsgBox "You password will expire between " & strStart & " and " & strEnd & VbCrLf & VbCrLf & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
			End If
		Next

Open in new window


with this:
		For Each strStart In objBreaks
			strEnd = objBreaks(strStart)
			intDaysToStartOfBreak = DateDiff("d", Now, CDate(strStart))
			intDaysToEndOfBreak = DateDiff("d", Now, CDate(strEnd))
			If daysLeft >= intDaysToStartOfBreak And daysLeft <= intDaysToEndOfBreak Then
				If intDaysToStartOfBreak <= warningDays Then
					MsgBox "You password will expire between " & strStart & " and " & strEnd & VbCrLf & VbCrLf & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
				End If
			End If
		Next

Open in new window


Regards,

Rob.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35212553
Hi Rob,

I tried the script and it doesn't seem to work. Nothing happens when I run it (after changing the date on my computer).

Can we try doing it this way.
-The script works out your password age.
-The script works out the current date.
-The script then checks the break dates to see if we are at least 14 days away from a break. If so, it will then need to work out if the password will expire during that break. If so it will produce the message about changing the password. If not the script continues as normal applying the 14 day warning setting.

Can you use Select Case code for the breaks? I would like to use a custom message for each break. Sorry to be a pain. Would like t get it right so you don't have to keep re-writing your code.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35212940
Here's what it tries to do, although I haven't been able to test it.

- Works how many days you have left until your password expires
- If the days left is less than the maximum days, display a message
- Otherwise, if the days left is in between the days until Start of break period, and the days until End of break period, then determine if we are 14 days from the Start of break period.  If so, display message.

I may have that slightly wrong, but I'll have to think about it.  I'll come back tomorrow to have another look (and hopefully test it).

Regards,

Rob.
0
 
LVL 4

Expert Comment

by:dagesi
ID: 35215745
Here's what I see as the replacement to your original lines 40-43
ExpFrame = ""
  ExpStart = ""
  ExpFlag = false

  Select Case whenPasswordExpires

    Case CDate("01-Jun-2011") to CDate("01-Sep-2011")
      ExpFrame = "Summer Break"
      ExpStart = "01-Jun-2011"
      ExpFlag = true
    Case CDate("01-Dec-2011") to CDate("01-Jan-2012")
      ExpFrame = "Christmas Break"
      ExpStart = "01-Dec-2011"
      ExpFlag = true
     Case CDate("01-Mar-2012") to CDate("01-Apr-2012")
      ExpFrame = "Spring Break"
      ExpStart = "01-Mar-2012"
      ExpFlag = true
  End Select

  
  if (daysLeft < warningDays) and (daysLeft > -1) then 

  tmpMsg = "Password Expires in " & daysleft & " day(s) on " & whenPasswordExpires & chr(13) & chr(13)
  if ExpFlag = true then
    tmpMsg = tmpMsg & "This is during " & ExpFrame & ".  You will need to change your password before " & ExpStart & " instead." & chr(13) & chr(13)
  end if
  tmpMsg = "Please change your password.  Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."

  MsgBox tmpMsg,VBSystemModal, "PASSWORD EXPIRATION WARNING!"

end if

Open in new window

0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35221623
I would like to have a separate message for each date break so I can say; "Your password is due to expire during Spring break...." or "Your password is due to expire during Summer break....".

0
 
LVL 4

Expert Comment

by:dagesi
ID: 35232556
The SELECT CASE I included would allow that.
Each CASE would set a variable to the *name* of the break and then include that name within the message.
For instance, if the break were Summer Break, the message would display something like:

Password Expires in 13 day(s) on June 2
This is during Summer Break. You will need to change your password before June 1 instead.
Please change your password. Press CTRL-ALT-DEL and select 'Change a password' option.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35236437
The code dagesi provided looks like it should work.  Give it a shot, and if you still have issues, I'll look at mine again.

Regards,

Rob.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35236576
I just want to confirm, is this the correct final code? If so, I'm getting an "Expected Statement" error on line 46, char 31.
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 14

Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName

Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays

'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
ExpFrame = ""
  ExpStart = ""
  ExpFlag = false

  Select Case whenPasswordExpires

    Case CDate("01-Jun-2011") to CDate("01-Sep-2011")
      ExpFrame = "Summer Break"
      ExpStart = "01-Jun-2011"
      ExpFlag = true
    Case CDate("01-Dec-2011") to CDate("01-Jan-2012")
      ExpFrame = "Christmas Break"
      ExpStart = "01-Dec-2011"
      ExpFlag = true
     Case CDate("01-Mar-2012") to CDate("01-Apr-2012")
      ExpFrame = "Spring Break"
      ExpStart = "01-Mar-2012"
      ExpFlag = true
  End Select

  
  if (daysLeft < warningDays) and (daysLeft > -1) then 

  tmpMsg = "Password Expires in " & daysleft & " day(s) on " & whenPasswordExpires & chr(13) & chr(13)
  if ExpFlag = true then
    tmpMsg = tmpMsg & "This is during " & ExpFrame & ".  You will need to change your password before " & ExpStart & " instead." & chr(13) & chr(13)
  end if
  tmpMsg = "Please change your password.  Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."

  MsgBox tmpMsg,VBSystemModal, "PASSWORD EXPIRATION WARNING!"

end if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing

Open in new window

0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 35236655
Oh yeah, you can't really do "between" ranges with a Select Case....try replacing the Select Case block with this.

Regards,

Rob.
If whenPasswordExpires >= CDate("01-Jun-2011") And whenPasswordExpires <= CDate("01-Sep-2011") Then
      ExpFrame = "Summer Break"
      ExpStart = "01-Jun-2011"
      ExpFlag = True
    ElseIf whenPasswordExpires >= CDate("01-Dec-2011") And whenPasswordExpires <= CDate("01-Jan-2012") Then
      ExpFrame = "Christmas Break"
      ExpStart = "01-Dec-2011"
      ExpFlag = true
    ElseIf whenPasswordExpires >= CDate("01-Mar-2012") And whenPasswordExpires <= CDate("01-Apr-2012") Then
      ExpFrame = "Spring Break"
      ExpStart = "01-Mar-2012"
      ExpFlag = True
	End If

Open in new window

0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35236989
Rob,

I replaced the code. Now I'm getting a Syntax error for the last line "Set oDomain = Nothing".  Any ideas?
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 65

Expert Comment

by:RobSampson
ID: 35237002
That seems odd, but the cleanup isn't really required, as the objects will be automatically destroyed when the script exits.  Just comment that out, and see what you get.

Regards,

Rob.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35237220
Rob,

I got the script to work without errors. I started from the beginning and it worked fine. I'm having troubles testing the date portion of the script. How does the script get the current date? Is it via the computer the script runs on or the server? When I tested the script, my user account has a password age of 69 days. If I change the date on my computer so that my password will expire over a break, the script doesn't prompt me.

IV
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35237336
It gets the date of expiration from this line:
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)

which *should* calculate locally.....but add a MsgBox after this line:
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

like
MsgBox "Your password will expire in " & daysLeft & " days."

Just for testing....

Rob.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35237485
That was helpful. The date ranges aren't functioning. When I run the script it tells me that my password will expire in x days. I changed the computer date and the date ranges so that my password will expire over break but the script doesn't pick that up. It may be the 14 warning days that may be a problem.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35237498
When you change your computer date, does the days left change?
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35237507
Yes it does.
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 500 total points
ID: 35237536
OK, so the problem is in the logic then.  Try changing this line:
  if (daysLeft < warningDays) and (daysLeft > -1) then

to this
If ((daysLeft < warningDays) and (daysLeft > -1)) or ExpFlag = True then

Regards,

Rob.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35237593
OK Rob. This is what happens now. I run the script and I get the message "You password will expire in 170 days" (testing message). I changed  the date in the script so the password expires over the break. The script then continues to the following message: "Please change your password...." It skips the break message.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35237932
I see that there is this line:
  tmpMsg = "Please change your password.  Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."

Which is under the "This is during" line, meaning it overwrites that message.  Change
  tmpMsg = "Please change your password.  Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."

to this
  tmpMsg = tmpMsg & "Please change your password.  Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."


and see what message you see then.

Regards,

Rob.
0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35237979
Rob,

Making that change seemed to work nicely. The last thing is......Is there a way to somehow avoid the message from appearing until the 14 day warning? The reason why is this message pops up every 10 minutes using Windows task scheduler. I'm getting the message: You password will expire in 170 days. This is during summer break. ....

I appreciate the help.
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 500 total points
ID: 35238085
OK, try changing your If block to the code below.  That should check, if the ExpFlag has been set, whether the start date is 14 days away from now, or not.

Regards,

Rob.
If ((daysLeft < warningDays) and (daysLeft > -1)) or ExpFlag = True Then 
	tmpMsg = "Password Expires in " & daysleft & " day(s) on " & whenPasswordExpires & chr(13) & chr(13)
	If ExpFlag = True Then
		tmpMsg = tmpMsg & "This is during " & ExpFrame & ".  You will need to change your password before " & ExpStart & " instead." & chr(13) & chr(13)
	End If
	tmpMsg = tmpMsg & "Please change your password.  Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."

	If ExpFlag = True Then
		If DateDiff("d", Date, CDate(ExpStart)) < warningDays Then
			MsgBox tmpMsg,VBSystemModal, "PASSWORD EXPIRATION WARNING!"
		End If
	Else
		MsgBox tmpMsg,VBSystemModal, "PASSWORD EXPIRATION WARNING!"
	End If
End If

Open in new window

0
 
LVL 21

Author Comment

by:ivanoviola
ID: 35238122
Rob,

I just realized that the 14 day warning for the break will not work. It will have to be a 14 day warning from the start of the break for it to work successfully. Is there any way you can code that in?

- For normal password expiration outside of the break dates the 14 day warning is fine.
- If the password is due to expire within the break date then the 14 day warning from the beginning of the break will need to kick in.

Sorry to keep pushing.

IV
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35238285
That's what I've done with this:
            If DateDiff("d", Date, CDate(ExpStart)) < warningDays Then

If the date falls in the break range, it should only show the message if the date *now* is within 14 days from that break start.

Regards,

Rob.
0
 
LVL 4

Expert Comment

by:dagesi
ID: 35240657
>RobSampson...
Actually, the "To" should have worked for the CASE... unless you meant that it likely wasn't functioning because it's not really using numbers AS the values in the "To"...
And I can't believe I forgot to include the tmpMsg = tmpMsg & on the third tmpMsg line...
0
 
LVL 21

Author Closing Comment

by:ivanoviola
ID: 35240670
Thanks for your help Rob. We finally got there. I think the testing was a little more difficult then usual. I appreciate the help.

IV
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 35244539
@dagesi
>> because it's not really using numbers AS the values in the "To"...

You're right.  I forget you *can* use To with Case for ranges, but yeah, I had syntax errors with the dates, so it musn't like that.

Glad we got there, thanks for the grade.

Regards,

Rob.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Recently I finished a vbscript that I thought I'd share.  It uses a text file with a list of server names to loop through and get various status reports, then writes them all into an Excel file.  Originally it was put together for our Altiris server…
Hello again, all.  For those of you that have been following along, you'll know that this is my third article on this topic (though it is not Part III).  This article is sort of remedial, and probably the topic with which I should have started the s…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now