Days until password changes

[kdibricida]

I have been using the script below to check Service account expiration.

Can anyone help me so that i can have it check 3 accounts and just tell me on the screen how many days until they expire.

On Error Resume Next

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const ONE_HUNDRED_NANOSECOND = .000000100
Const SECONDS_IN_DAY = 86400

Set objUser = GetObject("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com")

intUserAccountControl = objUser.Get("userAccountControl")
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then ' LINE 11
WScript.Echo "The password does not expire."
WScript.Quit
Else
dtmValue = objUser.PasswordLastChanged
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then ' LINE 16
WScript.Echo "The password has never been set."
WScript.Quit
Else
intTimeInterval = Int(Now - dtmValue)
WScript.Echo "The password was last set on " & _
DateValue(dtmValue) & " at " & TimeValue(dtmValue) & vbCrLf & _
"The difference between when the password was last" & vbCrLf & _
"set and today is " & intTimeInterval & " days"
End If

Set objDomain = GetObject("LDAP://DC=fabrikam,DC=com")
Set objMaxPwdAge = objDomain.Get("maxPwdAge")

If objMaxPwdAge.LowPart = 0 Then
WScript.Echo "The Maximum Password Age is set to 0 in the " & _
"domain. Therefore, the password does not expire."
WScript.Quit
Else
dblMaxPwdNano = _
Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND ' LINE 37
dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY) ' LINE 38
WScript.Echo "Maximum password age is " & dblMaxPwdDays & " days"

If intTimeInterval >= dblMaxPwdDays Then
WScript.Echo "The password has expired."
Else
WScript.Echo "The password will expire on " & _
DateValue(dtmValue + dblMaxPwdDays) & " (" & _
Int((dtmValue + dblMaxPwdDays) - Now) & " days from today)."
End If
End If
End If

 

[PScottC]

Add the blue code as follows...

On Error Resume Next 

[blue]Dim arrUser(2)
arrUser(0) = "CN=user1,OU=management,DC=fabrikam,DC=com"
arrUser(1) = "CN=user2,OU=management,DC=fabrikam,DC=com"
arrUser(2) = "CN=user3,OU=management,DC=fabrikam,DC=com"[/blue]

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ONE_HUNDRED_NANOSECOND    = .000000100
Const SECONDS_IN_DAY            = 86400

[blue]For ctr = 0 To UBound(arrUser)[/blue]
	Set objUser = GetObject("LDAP://" & arrUser(ctr))
	
	intUserAccountControl = objUser.Get("userAccountControl")
	If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then     ' LINE 11
	    WScript.Echo "The password does not expire."
	    WScript.Quit
	Else
	    dtmValue = objUser.PasswordLastChanged
	    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then               ' LINE 16
	        WScript.Echo "The password has never been set."
	        WScript.Quit
	    Else
	        intTimeInterval = Int(Now - dtmValue)
	        WScript.Echo "The password was last set on " & _
	          DateValue(dtmValue) & " at " & TimeValue(dtmValue)  & vbCrLf & _
	          "The difference between when the password was last" & vbCrLf & _
	          "set and today is " & intTimeInterval & " days"
	    End If
	
	    Set objDomain = GetObject("LDAP://DC=fabrikam,DC=com")
	    Set objMaxPwdAge = objDomain.Get("maxPwdAge")
	
	    If objMaxPwdAge.LowPart = 0 Then
	        WScript.Echo "The Maximum Password Age is set to 0 in the " & _
	                     "domain. Therefore, the password does not expire."
	        WScript.Quit
	    Else
	        dblMaxPwdNano = _
	            Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
	        dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND  ' LINE 37
	        dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)     ' LINE 38
	        WScript.Echo "Maximum password age is " & dblMaxPwdDays & " days"
	
	        If intTimeInterval >= dblMaxPwdDays Then
	            WScript.Echo "The password has expired."
	        Else
	            WScript.Echo "The password will expire on " & _
	              DateValue(dtmValue + dblMaxPwdDays) & " (" & _
	              Int((dtmValue + dblMaxPwdDays) - Now) & " days from today)."
	        End If
	    End If
	End If
[blue]Next[/blue]

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[PScottC]

Sorry... didn't test properly... Here is corrected code.

On Error Resume Next 

[blue]Dim arrUser(2)
arrUser(0) = "CN=user1,OU=management,DC=fabrikam,DC=com"
arrUser(1) = "CN=user2,OU=management,DC=fabrikam,DC=com"
arrUser(2) = "CN=user3,OU=management,DC=fabrikam,DC=com"[/blue]

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ONE_HUNDRED_NANOSECOND    = .000000100
Const SECONDS_IN_DAY            = 86400

[blue]For ctr = 0 To UBound(arrUser)
	WScript.Echo "Checking " & arrUser(ctr)
	Set objUser = GetObject("LDAP://" & arrUser(ctr))[/blue]
	
	intUserAccountControl = objUser.Get("userAccountControl")
	If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then     ' LINE 11
	    WScript.Echo "The password does not expire."
[green]' 	    WScript.Quit[/green]
	Else
	    dtmValue = objUser.PasswordLastChanged
	    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then               ' LINE 16
	        WScript.Echo "The password has never been set."
[green]'  	        WScript.Quit[/green]
	    Else
	        intTimeInterval = Int(Now - dtmValue)
	        WScript.Echo "The password was last set on " & _
	          DateValue(dtmValue) & " at " & TimeValue(dtmValue)  & vbCrLf & _
	          "The difference between when the password was last" & vbCrLf & _
	          "set and today is " & intTimeInterval & " days"
	    End If
	
	    Set objDomain = GetObject("LDAP://DC=fabrikam,DC=com")
	    Set objMaxPwdAge = objDomain.Get("maxPwdAge")
	
	    If objMaxPwdAge.LowPart = 0 Then
	        WScript.Echo "The Maximum Password Age is set to 0 in the " & _
	                     "domain. Therefore, the password does not expire."
[green]' 	        WScript.Quit[/green]
	    Else
	        dblMaxPwdNano = _
	            Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
	        dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND  ' LINE 37
	        dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)     ' LINE 38
	        WScript.Echo "Maximum password age is " & dblMaxPwdDays & " days"
	
	        If intTimeInterval >= dblMaxPwdDays Then
	            WScript.Echo "The password has expired."
	        Else
	            WScript.Echo "The password will expire on " & _
	              DateValue(dtmValue + dblMaxPwdDays) & " (" & _
	              Int((dtmValue + dblMaxPwdDays) - Now) & " days from today)."
	        End If
	    End If
	End If
[blue]	WScript.Echo
Next[/blue]

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[kdibricida]

Removed wScript.echo at end of script as it prodeuced only a blank box

 

[kdibricida]

PScottC,
For future reference can this be done with any script to cycle through?

Dim arrUser(2)
arrUser(0) = "CN=user1,OU=management,DC=fabrikam,DC=com"
arrUser(1) = "CN=user2,OU=management,DC=fabrikam,DC=com"
arrUser(2) = "CN=user3,OU=management,DC=fabrikam,DC=com"

For ctr = 0 To UBound(arrUser)
WScript.Echo "Checking " & arrUser(ctr)
Set objUser = GetObject("LDAP://" & arrUser(ctr))

I am assuming the the number 2 in Dim arrUser(2)tells the script how many times to cycle.

What in the script increases the ctr

 

[EBGreen]

UBound returns the last valid index for an array. So this statement:

For ctr = 0 To UBound(arrUser)

means, for every value from 0 to the last valid index of arrUser, assign the value to ctr then execute this block of code.

ctr gets incremented each time that the For loop starts over.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[PScottC]

The 2 in arrUser(2) is simply the number of elements in the array. So when I declare the array, I'm simply stating that there will be 3 elements in total (0-2).

Then I use a For...Next statement to loop through the elements of the array. And as EB states, I tell the For...Next statement to loop from 0 to the upper bound of the array, 2 in this case.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[markdmac]

My FAQ may help you with understanding this a little better: faq329-4871

I hope you find this post helpful.

Regards,

Mark

 

[kdibricida]

Ok, All of a sudden today. This script tells me that all the accounts it is checking are expired. Can anyone tell me why.

When i looked at one of the accounts it is telling me that it will not expire for 20 more days

 

[markdmac]

How about posting the full code you are using so we can look for errors in your logic. ;-)

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript