windows 7 password expiration popup
Hi,
I'm sorry if this a trivial question. I've been trying to get this scrip to work on my domain so users get a popup when network passwords are about to expire on windows 7 machines. Do I have to change anything on this script?
I've been changing GetObject("LDAP://" to fit my domain so I've put either
LDAP://CN=Users, DC=mydomain, dc=com or
LDAP://DC=mydomain, dc=com
but in either case I get an error. The only time i don't get an error is when I leave it alone "LDAP://" but then nothing happens. I've tried to look on the web but I can't find people saying they are modifying it.
I'm missing something stupid I know. Sorry new to scripting.
Here is the script:
'=========================
' Check for password expiring notification
'=========================
' First, get the domain policy.
'=========================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 26
Set LoginInfo = CreateObject("ADSystemInfo
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSN
strUserDN = LoginInfo.UserName
'=========================
' Check if password is non-expiring.
'=========================
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
intUserAccountControl = objUser.Get("userAccountCo
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
'WScript.Echo "The password does not expire."
Else
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'=========================
' Calculate the number of days that are
' held in this value.
'=========================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'=========================
' Determine the last time that the user
' changed his or her password.
'=========================
Set oUser = GetObject("LDAP://" & strUserDN)
'=========================
' Add the number of days to the last time
' the password was set.
'=========================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,when
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Your password will expire in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Press CTRL + ALT + DEL and select the 'Change a password' option.", 0, "Password Expiration Warning"
End if
End if
'=========================
' Clean up.
'=========================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
I'm sorry if this a trivial question. I've been trying to get this scrip to work on my domain so users get a popup when network passwords are about to expire on windows 7 machines. Do I have to change anything on this script?
I've been changing GetObject("LDAP://" to fit my domain so I've put either
LDAP://CN=Users, DC=mydomain, dc=com or
LDAP://DC=mydomain, dc=com
but in either case I get an error. The only time i don't get an error is when I leave it alone "LDAP://" but then nothing happens. I've tried to look on the web but I can't find people saying they are modifying it.
I'm missing something stupid I know. Sorry new to scripting.
Here is the script:
'=========================
' Check for password expiring notification
'=========================
' First, get the domain policy.
'=========================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 26
Set LoginInfo = CreateObject("ADSystemInfo
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSN
strUserDN = LoginInfo.UserName
'=========================
' Check if password is non-expiring.
'=========================
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
intUserAccountControl = objUser.Get("userAccountCo
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
'WScript.Echo "The password does not expire."
Else
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'=========================
' Calculate the number of days that are
' held in this value.
'=========================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'=========================
' Determine the last time that the user
' changed his or her password.
'=========================
Set oUser = GetObject("LDAP://" & strUserDN)
'=========================
' Add the number of days to the last time
' the password was set.
'=========================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,when
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Your password will expire in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Press CTRL + ALT + DEL and select the 'Change a password' option.", 0, "Password Expiration Warning"
End if
End if
'=========================
' Clean up.
'=========================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Natty Greg
Thats a lot of work, if you have a Domain controller you should set it up the policy and deploy it to all user, and whalla everyone is reminded. If no DC you can setup the same policy in the Win 7 machine and then, force it to all computers on the network.
I use this short batchcode inside the logon script:
net user %username% /domain|findstr /C:"Password expires" >%temp%\expiry.txt
for /f "tokens=3" %%a in (%temp%\expiry.txt) do set expirydate=%%a
echo %date% >%temp%\today.txt
for /f "tokens=2" %%a in (%temp%\today.txt) do set today=%%a
if %today%==%expirydate% msg %username% Your passwords expires today!ASKER
Not sure what happened. I ran the script as is and it worked. Brain fart i guess after trying to get it to work all day. I'm pushing via GPO this will work great