Add code to VBScript for password change
I found the following code and made a couple of minor changes. The code looks up Active Directory for the users password age and produces a pop-up if the password will expire in 14 days or less. What I would like to do is alter the code so that I could add variables, like vacation periods, so if their password will expire over break the pop-up will be displayed before the break period.
For instance:
The users password will expire in 45 days. Summer break is coming up, which lasts 70 days. The 14 days setting will not help in this instance. I have 4 vacation periods that I would like to add to the script.
Not sure what the best way to do this. Maybe a Select Case code using current date then 4 selected dates. Any other time the 14 day setting should apply.
Thanks!
For instance:
The users password will expire in 45 days. Summer break is coming up, which lasts 70 days. The 14 days setting will not help in this instance. I have 4 vacation periods that I would like to add to the script.
Not sure what the best way to do this. Maybe a Select Case code using current date then 4 selected dates. Any other time the 14 day setting should apply.
Thanks!
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 14
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = NothingASKER
Well, I would like them to be prompted to change their password before they leave for vacation.
For example. The current script checks Active Directory for their users password age. If the password is due to expire in 14 days or less it will produce a pop-up message.
Here are the breaks.
Break 1: June 1 - Sept 1
Break 2: Dec 1 - Jan1
Break 3: Mar 1 - Apl 1
This is what I'm trying to do.
The script checks Active Directory for the users password age then it checks for the current date. If the current date matches any of the above date ranges it should produce the custom msg box for that date. Something like this:
Select Case Break
Case "Break 1"
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
Case "Break 2"
Same as above but with different message.
Case "Break 3"
Same as above but with different message.
Case Else
Continue to standard 14 day age()
End Select
I hope that makes sense.
For example. The current script checks Active Directory for their users password age. If the password is due to expire in 14 days or less it will produce a pop-up message.
Here are the breaks.
Break 1: June 1 - Sept 1
Break 2: Dec 1 - Jan1
Break 3: Mar 1 - Apl 1
This is what I'm trying to do.
The script checks Active Directory for the users password age then it checks for the current date. If the current date matches any of the above date ranges it should produce the custom msg box for that date. Something like this:
Select Case Break
Case "Break 1"
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
Case "Break 2"
Same as above but with different message.
Case "Break 3"
Same as above but with different message.
Case Else
Continue to standard 14 day age()
End Select
I hope that makes sense.
ASKER
One thing....if the current date falls in one of those date ranges, the script will have to work out if the password will expire during this time. If not then the script should proceed as normal (14 day warning).
Hi, try this. Add the dates in objBreaks.
Regards,
Rob.
Regards,
Rob.
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 14
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
Set objBreaks = CreateObject("Scripting.Dictionary")
objBreaks.Add "01-Jun-2011", "01-Sep-2011"
objBreaks.Add "01-Dec-2011", "01-Jan-2012"
objBreaks.Add "01-Mar-2012", "01-Apr-2012"
If daysLeft > -1 Then
If (daysLeft < warningDays) Then
MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
Else
For Each strStart In objBreaks
strEnd = objBreaks(strStart)
intDaysToStartOfBreak = DateDiff("d", Now, CDate(strStart))
intDaysToEndOfBreak = DateDiff("d", Now, CDate(strEnd))
If daysLeft >= intDaysToStartOfBreak And daysLeft <= intDaysToEndOfBreak Then
MsgBox "You password will expire between " & strStart & " and " & strEnd & VbCrLf & VbCrLf & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
End If
Next
End If
End If
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = NothingASKER
I think I'm not explaining what I want correctly. Sorry.
Currently the script checks AD for your password age and and if it expires in 14 days or less it will produce a message.
We have 3 breaks during the year. I would like the students to change their passwords if it works out that their passwords will expire during the break (between the date range specified). This will need to occur 14 days (and less) before the break begins. I would like to have a separate message for each date range. Outside of the dates ranges, the standard 14 days notice should apply.
Let me know if you have any questions.
Currently the script checks AD for your password age and and if it expires in 14 days or less it will produce a message.
We have 3 breaks during the year. I would like the students to change their passwords if it works out that their passwords will expire during the break (between the date range specified). This will need to occur 14 days (and less) before the break begins. I would like to have a separate message for each date range. Outside of the dates ranges, the standard 14 days notice should apply.
Let me know if you have any questions.
Ok, try replacing this:
with this:
Regards,
Rob.
For Each strStart In objBreaks
strEnd = objBreaks(strStart)
intDaysToStartOfBreak = DateDiff("d", Now, CDate(strStart))
intDaysToEndOfBreak = DateDiff("d", Now, CDate(strEnd))
If daysLeft >= intDaysToStartOfBreak And daysLeft <= intDaysToEndOfBreak Then
MsgBox "You password will expire between " & strStart & " and " & strEnd & VbCrLf & VbCrLf & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
End If
Nextwith this:
For Each strStart In objBreaks
strEnd = objBreaks(strStart)
intDaysToStartOfBreak = DateDiff("d", Now, CDate(strStart))
intDaysToEndOfBreak = DateDiff("d", Now, CDate(strEnd))
If daysLeft >= intDaysToStartOfBreak And daysLeft <= intDaysToEndOfBreak Then
If intDaysToStartOfBreak <= warningDays Then
MsgBox "You password will expire between " & strStart & " and " & strEnd & VbCrLf & VbCrLf & "Please change your password. Press CTRL-ALT-DEL and" & chr(13) & "select 'Change a password' option.", VBSystemModal, "PASSWORD EXPIRATION WARNING!"
End If
End If
NextRegards,
Rob.
ASKER
Hi Rob,
I tried the script and it doesn't seem to work. Nothing happens when I run it (after changing the date on my computer).
Can we try doing it this way.
-The script works out your password age.
-The script works out the current date.
-The script then checks the break dates to see if we are at least 14 days away from a break. If so, it will then need to work out if the password will expire during that break. If so it will produce the message about changing the password. If not the script continues as normal applying the 14 day warning setting.
Can you use Select Case code for the breaks? I would like to use a custom message for each break. Sorry to be a pain. Would like t get it right so you don't have to keep re-writing your code.
I tried the script and it doesn't seem to work. Nothing happens when I run it (after changing the date on my computer).
Can we try doing it this way.
-The script works out your password age.
-The script works out the current date.
-The script then checks the break dates to see if we are at least 14 days away from a break. If so, it will then need to work out if the password will expire during that break. If so it will produce the message about changing the password. If not the script continues as normal applying the 14 day warning setting.
Can you use Select Case code for the breaks? I would like to use a custom message for each break. Sorry to be a pain. Would like t get it right so you don't have to keep re-writing your code.
Here's what it tries to do, although I haven't been able to test it.
- Works how many days you have left until your password expires
- If the days left is less than the maximum days, display a message
- Otherwise, if the days left is in between the days until Start of break period, and the days until End of break period, then determine if we are 14 days from the Start of break period. If so, display message.
I may have that slightly wrong, but I'll have to think about it. I'll come back tomorrow to have another look (and hopefully test it).
Regards,
Rob.
- Works how many days you have left until your password expires
- If the days left is less than the maximum days, display a message
- Otherwise, if the days left is in between the days until Start of break period, and the days until End of break period, then determine if we are 14 days from the Start of break period. If so, display message.
I may have that slightly wrong, but I'll have to think about it. I'll come back tomorrow to have another look (and hopefully test it).
Regards,
Rob.
Here's what I see as the replacement to your original lines 40-43
ExpFrame = ""
ExpStart = ""
ExpFlag = false
Select Case whenPasswordExpires
Case CDate("01-Jun-2011") to CDate("01-Sep-2011")
ExpFrame = "Summer Break"
ExpStart = "01-Jun-2011"
ExpFlag = true
Case CDate("01-Dec-2011") to CDate("01-Jan-2012")
ExpFrame = "Christmas Break"
ExpStart = "01-Dec-2011"
ExpFlag = true
Case CDate("01-Mar-2012") to CDate("01-Apr-2012")
ExpFrame = "Spring Break"
ExpStart = "01-Mar-2012"
ExpFlag = true
End Select
if (daysLeft < warningDays) and (daysLeft > -1) then
tmpMsg = "Password Expires in " & daysleft & " day(s) on " & whenPasswordExpires & chr(13) & chr(13)
if ExpFlag = true then
tmpMsg = tmpMsg & "This is during " & ExpFrame & ". You will need to change your password before " & ExpStart & " instead." & chr(13) & chr(13)
end if
tmpMsg = "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
MsgBox tmpMsg,VBSystemModal, "PASSWORD EXPIRATION WARNING!"
end ifASKER
I would like to have a separate message for each date break so I can say; "Your password is due to expire during Spring break...." or "Your password is due to expire during Summer break....".
The SELECT CASE I included would allow that.
Each CASE would set a variable to the *name* of the break and then include that name within the message.
For instance, if the break were Summer Break, the message would display something like:
Password Expires in 13 day(s) on June 2
This is during Summer Break. You will need to change your password before June 1 instead.
Please change your password. Press CTRL-ALT-DEL and select 'Change a password' option.
Each CASE would set a variable to the *name* of the break and then include that name within the message.
For instance, if the break were Summer Break, the message would display something like:
Password Expires in 13 day(s) on June 2
This is during Summer Break. You will need to change your password before June 1 instead.
Please change your password. Press CTRL-ALT-DEL and select 'Change a password' option.
The code dagesi provided looks like it should work. Give it a shot, and if you still have issues, I'll look at mine again.
Regards,
Rob.
Regards,
Rob.
ASKER
I just want to confirm, is this the correct final code? If so, I'm getting an "Expected Statement" error on line 46, char 31.
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 14
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
ExpFrame = ""
ExpStart = ""
ExpFlag = false
Select Case whenPasswordExpires
Case CDate("01-Jun-2011") to CDate("01-Sep-2011")
ExpFrame = "Summer Break"
ExpStart = "01-Jun-2011"
ExpFlag = true
Case CDate("01-Dec-2011") to CDate("01-Jan-2012")
ExpFrame = "Christmas Break"
ExpStart = "01-Dec-2011"
ExpFlag = true
Case CDate("01-Mar-2012") to CDate("01-Apr-2012")
ExpFrame = "Spring Break"
ExpStart = "01-Mar-2012"
ExpFlag = true
End Select
if (daysLeft < warningDays) and (daysLeft > -1) then
tmpMsg = "Password Expires in " & daysleft & " day(s) on " & whenPasswordExpires & chr(13) & chr(13)
if ExpFlag = true then
tmpMsg = tmpMsg & "This is during " & ExpFrame & ". You will need to change your password before " & ExpStart & " instead." & chr(13) & chr(13)
end if
tmpMsg = "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
MsgBox tmpMsg,VBSystemModal, "PASSWORD EXPIRATION WARNING!"
end if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = NothingASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rob,
I replaced the code. Now I'm getting a Syntax error for the last line "Set oDomain = Nothing". Any ideas?
I replaced the code. Now I'm getting a Syntax error for the last line "Set oDomain = Nothing". Any ideas?
That seems odd, but the cleanup isn't really required, as the objects will be automatically destroyed when the script exits. Just comment that out, and see what you get.
Regards,
Rob.
Regards,
Rob.
ASKER
Rob,
I got the script to work without errors. I started from the beginning and it worked fine. I'm having troubles testing the date portion of the script. How does the script get the current date? Is it via the computer the script runs on or the server? When I tested the script, my user account has a password age of 69 days. If I change the date on my computer so that my password will expire over a break, the script doesn't prompt me.
IV
I got the script to work without errors. I started from the beginning and it worked fine. I'm having troubles testing the date portion of the script. How does the script get the current date? Is it via the computer the script runs on or the server? When I tested the script, my user account has a password age of 69 days. If I change the date on my computer so that my password will expire over a break, the script doesn't prompt me.
IV
It gets the date of expiration from this line:
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
which *should* calculate locally.....but add a MsgBox after this line:
daysLeft = DateDiff("d",fromDate,when
like
MsgBox "Your password will expire in " & daysLeft & " days."
Just for testing....
Rob.
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
which *should* calculate locally.....but add a MsgBox after this line:
daysLeft = DateDiff("d",fromDate,when
like
MsgBox "Your password will expire in " & daysLeft & " days."
Just for testing....
Rob.
ASKER
That was helpful. The date ranges aren't functioning. When I run the script it tells me that my password will expire in x days. I changed the computer date and the date ranges so that my password will expire over break but the script doesn't pick that up. It may be the 14 warning days that may be a problem.
When you change your computer date, does the days left change?
ASKER
Yes it does.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK Rob. This is what happens now. I run the script and I get the message "You password will expire in 170 days" (testing message). I changed the date in the script so the password expires over the break. The script then continues to the following message: "Please change your password...." It skips the break message.
I see that there is this line:
tmpMsg = "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
Which is under the "This is during" line, meaning it overwrites that message. Change
tmpMsg = "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
to this
tmpMsg = tmpMsg & "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
and see what message you see then.
Regards,
Rob.
tmpMsg = "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
Which is under the "This is during" line, meaning it overwrites that message. Change
tmpMsg = "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
to this
tmpMsg = tmpMsg & "Please change your password. Press CTRL-ALT-DEL and " & chr(13) & "select 'Change a password' option."
and see what message you see then.
Regards,
Rob.
ASKER
Rob,
Making that change seemed to work nicely. The last thing is......Is there a way to somehow avoid the message from appearing until the 14 day warning? The reason why is this message pops up every 10 minutes using Windows task scheduler. I'm getting the message: You password will expire in 170 days. This is during summer break. ....
I appreciate the help.
Making that change seemed to work nicely. The last thing is......Is there a way to somehow avoid the message from appearing until the 14 day warning? The reason why is this message pops up every 10 minutes using Windows task scheduler. I'm getting the message: You password will expire in 170 days. This is during summer break. ....
I appreciate the help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rob,
I just realized that the 14 day warning for the break will not work. It will have to be a 14 day warning from the start of the break for it to work successfully. Is there any way you can code that in?
- For normal password expiration outside of the break dates the 14 day warning is fine.
- If the password is due to expire within the break date then the 14 day warning from the beginning of the break will need to kick in.
Sorry to keep pushing.
IV
I just realized that the 14 day warning for the break will not work. It will have to be a 14 day warning from the start of the break for it to work successfully. Is there any way you can code that in?
- For normal password expiration outside of the break dates the 14 day warning is fine.
- If the password is due to expire within the break date then the 14 day warning from the beginning of the break will need to kick in.
Sorry to keep pushing.
IV
That's what I've done with this:
If DateDiff("d", Date, CDate(ExpStart)) < warningDays Then
If the date falls in the break range, it should only show the message if the date *now* is within 14 days from that break start.
Regards,
Rob.
If DateDiff("d", Date, CDate(ExpStart)) < warningDays Then
If the date falls in the break range, it should only show the message if the date *now* is within 14 days from that break start.
Regards,
Rob.
>RobSampson...
Actually, the "To" should have worked for the CASE... unless you meant that it likely wasn't functioning because it's not really using numbers AS the values in the "To"...
And I can't believe I forgot to include the tmpMsg = tmpMsg & on the third tmpMsg line...
Actually, the "To" should have worked for the CASE... unless you meant that it likely wasn't functioning because it's not really using numbers AS the values in the "To"...
And I can't believe I forgot to include the tmpMsg = tmpMsg & on the third tmpMsg line...
ASKER
Thanks for your help Rob. We finally got there. I think the testing was a little more difficult then usual. I appreciate the help.
IV
IV
@dagesi
>> because it's not really using numbers AS the values in the "To"...
You're right. I forget you *can* use To with Case for ranges, but yeah, I had syntax errors with the dates, so it musn't like that.
Glad we got there, thanks for the grade.
Regards,
Rob.
>> because it's not really using numbers AS the values in the "To"...
You're right. I forget you *can* use To with Case for ranges, but yeah, I had syntax errors with the dates, so it musn't like that.
Glad we got there, thanks for the grade.
Regards,
Rob.
If you were to add a SELECT CASE structure after line 39 where the SELECT CASE is Date + daysleft
and the CASE are the ranges of your vacations,e.g. CASE 160-230
then whenever the Date + daysleft falls into the CASEs, set a flag to True
change daysleft to the lower end of your CASE - Date
and then add a second IF statement before line 42 that will check the flag, and cause a different message to be displayed, referencing the fact the password will expire over the break.