Password Expiration remote users

Status
Not open for further replies.

Noffe

IS-IT--Management
Oct 12, 2009
3
SE
Hi

I have users that mostly work in the field.
The problem is that they have sometimes missed renewing their passwords and therefore got problems when they connect remotely.

I found this "Email Notification of Impending Password Expiration" script on this site. But the problem is that this script runs for all the users in the domain.
Can someone help me modify it so:
1. Only triggers for an OU or an AD group.
2. Doesn't disable the account even if the time has expired.

Thankful for help.
Regards
Christian
 
Please, isn't there anyone that can help?

It's this script I need modified:
Code:
'==========================================================================
'
' NAME: PswdExpireEmail.vbs
'
' AUTHOR:  David Varela, vbScript N00b
' DATE:  12/07/2007
' VERSION:  1.0
'
' COMMENT:  Determine when a user's password was last changed, and if the password
'           is 14 days from expiring send him/her an e-mail advising their password
'           must be changed.  The logic defines variables for the user's sAMAccountName,
'           DistinguishedName, mail, and DisplayName values, and identifies the OU the
'           user is contained in.  If the user does not have an e-mail address, their
'           supervisor, identified by the OU the user exists in, will be sent an e-mail
'           regarding the user's password expiration status.  If the user does not change
'           their password before the day it is set to expire, their account will be set
'           to change their password on the day it is set to expire.  If the user does
'           not change their password on or before the date it is set to expire, the
'           account will be disabled.
'
'==========================================================================
On Error Resume Next
strComputer = "."
'''''''''''''''''''''''''''
Const ADS_SCOPE_SUBTREE = 2
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

'Create an Array of sAMAccountName's that you wish to exclude from being evaluated by this script
'''''''''''''''''''''''''''
Dim UserArray(1) 'Remember to change the value in parenthesis to equal the total Qty of items in the array

UserArray(0) = "GAK" 'Replace GAK with the sAMAccountName of the user to exclude.  Increment the value in parenthesis for each
                     'item in the Array
'''''''''''''''''''''''''''
'ADO is used to access Active Directory.  This should not be changed
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://rootDSE")

DomainString = objRootDSE.Get("dnsHostName")

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'''''''''''''''''''''''''''
'The SELECT statement retrieves each user's DisplayName, Mail, DistinguishedName, and sAMAccountName values for all users in
'Active Directory
objCommand.CommandText = "SELECT DisplayName,mail,DistinguishedName,sAMAccountName  FROM 'LDAP://dc=<DOMAIN>,dc=<COM>'" & _
    " WHERE objectCategory='user'" 'Be sure to specify your Domain information in DC=<>,DC=<>
Set objRecordSet = objCommand.Execute

'The meat of the logic is defined in the following DO Loop.
'This loop will execute for each user in AD, except for those specified in UserArray
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strUser = objRecordSet.Fields("sAMAccountName").Value
    strDN = objRecordSet.Fields("DistinguishedName").Value
    strMail = objRecordSet.Fields("mail").Value
    strFullName = objRecordSet.Fields("DisplayName").Value
    
    arrPath = Split(strDN, ",")
    intLength = Len(arrPath(1))
    intNameLength = intLength - 3
    strOU = Right(arrPath(1), intNameLength)
    
    i = 1

'This is where the user will be checked against UserArray.
'If the user exists in the array, flag it for exclusion
    For Each b In UserArray
        If b = strUser Then
            i = 0
        End If
    Next

'If the user is not in UserArray, perform the Password Expiration check
    If i <> 0 Then
        'strUser is a single sAMAccountName string, not a collection, so the user object is bound
        'directly instead of being wrapped in a For Each loop
        Set objUserLDAP = GetObject("LDAP://" & strDN & "")
        intCurrentValue = objUserLDAP.Get("userAccountControl")

        If intCurrentValue And ADS_UF_DONT_EXPIRE_PASSWD Then 'If the user's password is set to not expire
                                                              'then do not do anything further
            WScript.Echo "The password for user " & strUser & " was set to not expire."
        Else
            dtmValue = objUserLDAP.PasswordLastChanged 'The latest date the user changed her/his password
            strDays = DateDiff("d", Now, "12/21/2007") 'Specify which date you wish to evaluate against
            str90Days = Int(Now + strDays - 90) 'Determines the date 90 days before the date specified above
                If DateValue(dtmValue) < str90Days And strDays > 0 Then 'If the user's password will expire on
                                                                        'the date you specified AND today is
                                                                        'before that date, send the user an
                                                                        'e-mail.
                    If strMail <> "" Then
                        Set objEmail = CreateObject("CDO.Message")
                        objEmail.From = "<IT e-mail Address>"
                        objEmail.To = "" & strMail & ""
                        objEmail.Subject = "Password about to expire."
                        objEmail.Textbody = "Your password will expire in " & strDays & " days.  Please change your" & _
                            " password before December 21st to avoid being restricted from the Domain.  If you have" & _
                            " any questions please contact the IT Department."
                        objEmail.Send
                    Else 'If the user does not have an e-mail address, send an e-mail to their supervisor
                        If strOU = "<OU Name1>" Then
                            strTo = "<Supervisor1 e-mail address>"
                        ElseIf strOU = "<OU Name2>" Then
                            strTo = "<Supervisor2 e-mail address>"
                        Else
                            strTo = "<IT e-mail address>"
                        End If
                        Set objEmail = CreateObject("CDO.Message")
                        objEmail.From = "<IT e-mail Address>"
                        objEmail.To = strTo
                        objEmail.Subject = "Password about to expire for " & strFullName & "."
                        objEmail.Textbody = "" & strFullName & "'s password will expire in " & strDays & " days." & _
                            "  Please advise her/him that she/he must change her/his password before December 21st to" & _
                            " avoid being restricted from the Domain.  If you have any questions please contact the" & _
                            " IT Department."
                        objEmail.Send
                    End If
                ElseIf DateValue(dtmValue) < str90Days  And strDays = 0 Then 'If the user's password will expire
                                                                             'at the end of the day today, set their
                                                                             'account to change the password on next logon.
                    objUserLDAP.Put "PwdLastSet", 0
                    objUserLDAP.SetInfo
                    WScript.Echo "User " & strUser & "'s account has been set to change password upon next logon."
                ElseIf DateValue(dtmValue) < str90Days And strDays < 0 Then 'If the user's password was set to expire
                                                                            'on the date specified and that date has passed,
                                                                            'disable the user's account.
                    'NOTE: strYstrDay is never assigned anywhere in this script, so the value written here is Empty
                    objUserLDAP.AccountExpirationDate = strYstrDay
                    objUserLDAP.SetInfo
                    WScript.Echo "User " & strUser & "'s account has been disabled due to expired password."
                Else 'If this user's password has been changed recently, do not do anything
                    WScript.Echo "" & strFullName & "'s password was last changed on " & DateValue(dtmValue)
                End If
        End If
    End If
    objRecordSet.MoveNext
Loop

Set objCommand.ActiveConnection = Nothing 'Release the connection reference before the command object itself
Set objCommand = Nothing
Set objConnection = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
Set objUserLDAP = Nothing
Set objEmail = Nothing

WScript.Quit

Thankful for help.
Regards
Christian
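
One way to make the two changes asked for above, as an added example that is not part of the original post or of PswdExpireEmail.vbs: the search base limits the query to one OU, an optional memberOf clause limits it to one group, and the script only sends mail. The OU and group DNs, the sender address, and the fixed 90-day maximum age (taken from the 90 used in the posted script) are assumptions to replace with your own values.

```vbscript
' Added example, not part of the original thread: notify-only, scoped to one OU and one group.
Option Explicit
Const ADS_UF_ACCOUNTDISABLE = &H2
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const MAX_PWD_AGE_DAYS = 90   ' assumption: the 90 days used in the posted script
Const WARN_DAYS = 14          ' warning window named in the posted script's header
Const SEARCH_BASE = "OU=FieldStaff,DC=example,DC=com"           ' hypothetical OU
Const GROUP_DN = "CN=RemoteUsers,OU=Groups,DC=example,DC=com"   ' hypothetical group; "" = whole OU
Const MAIL_FROM = "it-helpdesk@example.com"                     ' hypothetical sender

Dim conn, cmd, rs, filter, user, uac, lastSet, daysLeft, msg
filter = "(&(objectCategory=person)(objectClass=user)"
If GROUP_DN <> "" Then filter = filter & "(memberOf=" & GROUP_DN & ")"   ' direct members only
filter = filter & ")"

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 1000
' LDAP dialect: <base>;filter;attributes;scope. The base DN keeps the search inside one OU.
cmd.CommandText = "<LDAP://" & SEARCH_BASE & ">;" & filter & ";distinguishedName,mail;subtree"
Set rs = cmd.Execute

Do Until rs.EOF
    Set user = GetObject("LDAP://" & rs.Fields("distinguishedName").Value)
    uac = user.Get("userAccountControl")
    lastSet = Null
    On Error Resume Next                    ' the property read can fail when no password date is set
    lastSet = user.PasswordLastChanged
    On Error GoTo 0
    If IsDate(lastSet) And (uac And (ADS_UF_DONT_EXPIRE_PASSWD Or ADS_UF_ACCOUNTDISABLE)) = 0 Then
        daysLeft = MAX_PWD_AGE_DAYS - DateDiff("d", lastSet, Now)
        If daysLeft <= WARN_DAYS And Not IsNull(rs.Fields("mail").Value) Then
            Set msg = CreateObject("CDO.Message")   ' same delivery mechanism as the posted script
            msg.From = MAIL_FROM
            msg.To = rs.Fields("mail").Value
            msg.Subject = "Your password expires in " & daysLeft & " day(s)"
            If daysLeft <= 0 Then msg.Subject = "Your password has expired"
            msg.TextBody = "Please change your domain password before you next connect remotely."
            msg.Send
        End If
    End If
    rs.MoveNext
Loop
' Read-only by design: no Put, SetInfo or AccountExpirationDate calls, so no account is modified.
rs.Close
conn.Close
```

Nested group membership and a user's primary group are not matched by the memberOf clause, so members who belong only through another group need that group queried as well.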
 