Simple Winnt:// question 1

[djtech2k]

Can someone tell me or point me to the properties available for using the winnt provider? I specifically need to know whats available when using it on a local machine but it would be nice to see a list of domain and local machine.

I need to write something for local account password management but when I am trying to grab things like the password expiration, I get errors saying it cannot find it in AD cache.

Thanks!

 

[dm4ever]

This link should have everything you need

http://msdn2.microsoft.com/en-us/library/aa772211.aspx

The second link for computer and user should give you a page with the various properties towards the bottom of each.

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid

 

[djtech2k]

That appears to be the provider data to connect to AD. I just need the properties to connect to a local machine SAM database.

For example, objUser.name is an allowed property. I need to know the available properties on a local machine.

 

[tsuji]

[tt]dim wshnetwork,ouser,oprop,sinfo,ncount
set wshnetwork=createobject("wscript.network")
set ouser=getobject("WinNT://" & wshnetwork.computername & "/" & wshnetwork.username & ",user")
set wshnetwork=nothing

sinfo=""
ncount=0
ouser.getInfo
on error resume next
set oprop=ouser.next
do while (not oprop is nothing) and (err.number=0)
sinfo=sinfo & ncount & vbtab & oprop.name & vbcrlf
set oprop=ouser.next
ncount=ncount+1
loop
on error goto 0
wscript.echo sinfo

set oprop=nothing
set ouser=nothing
[/tt]

 

[djtech2k]

Thanks. I do not see what i need in there though.

Here is what I need.

My script reads a list of computer names from a textfile. It connects to each and grabs user info. What I need to do is to check each local user account and see how old the current password is. If the password is older than x amount of days, then I change the password.

I have everything working, along with some other stuff I did not mention, except the ability to check the password age.

 

[tsuji]

>I get errors saying it cannot find it in AD cache
You apply .setInfo before manipulating properties in cache.

 

[tsuji]

Amendment
>[self]You apply .setInfo before manipulating properties in cache.
I meant [red]getInfo[/red]. Sorry!
[tt]You apply .getInfo before manipulating properties in cache.[/tt]

 

[djtech2k]

Thanks. It still is not working. Here is the section that I am referring to:

strServers = wscript.arguments(0)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (strServers, ForReading)

Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline
    arrList = Split(strNextLine , vbcrlf)
For Each objItem In arrList

Set objServer = GetObject("WinNT://" & objItem)
Set colAccounts = GetObject("WinNT://" & objServer.name & "")
colAccounts.Filter = Array("user")

For Each objUser In colAccounts
objUser.GetInfo
wscript.echo objUser.name
wscript.echo objUser.AccountExpirationDate

Next
Next
Loop

when I run that, I get:

"Computer_Local_Accounts_By_Date.vbs(32, 1) Active Directory: The directory property cannot be found in the cache.

 

[tsuji]

It is not mandatory. It may not be set.
[tt]
on error resume next
if err.number<>0 then
wscript.echo "AccountExpirationDate is not set"
err.clear
else
wscript.echo objUser.AccountExpirationDate
end if
on error goto 0
[/tt]

 

[djtech2k]

Ok, I put in your code to check for error and I ended up with the same result. It actually worked for one account (said not set) and the second account gave me the same error. Here is the code:

Option Explicit
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim objFSO, objTextFile, strNextLine, arrList
Dim objServer, user, objUser, objItem, strPW
Dim colAccounts, strServers, objUser2

on error resume next

strPW = "password"
strServers = wscript.arguments(0)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (strServers, ForReading)

Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline
    arrList = Split(strNextLine , vbcrlf)
For Each objItem In arrList

Set objServer = GetObject("WinNT://" & objItem)
Set colAccounts = GetObject("WinNT://" & objServer.name & "")
colAccounts.Filter = Array("user")

For Each objUser In colAccounts
objUser.GetInfo
wscript.echo objUser.name
wscript.echo objUser.AccountExpirationDate

if err.number<>0 then
    wscript.echo "AccountExpirationDate is not set"
    err.clear
else
    wscript.echo objUser.AccountExpirationDate
end if
on error goto 0

 

[tsuji]

Come on. You know on error resume next, no?

 

[tsuji]

Sorry, I too left out a line.
[tt]
on error resume next
[blue]dt=objUser.AccountExpirationDate[/blue]
if err.number<>0 then
wscript.echo "AccountExpirationDate is not set"
err.clear
else
wscript.echo objUser.AccountExpirationDate 'or dt
end if
on error goto 0
[/tt]

 

[djtech2k]

I gotta be honest, I very seldomly use it. I use it occasionally when I expect certain errors, but not a lot more detailed than that.

I know I know....its kind of embarrassing, but my vbscript knowledge has been 100% learn on the fly and I have never had the training or the time to go back and learn some of the basics that I should have learned first thing.

With that being said, I know what it does and I know that using the err.number is a way to catch errors. I would say that I do not know 100% the concepts of how it works.

 

[djtech2k]

Ok, after I added the extra line, it worked. I am going to continue to test properly. Thanks for the heads up.

 

[djtech2k]

I am actually getting a weird response now. I changed one of the accounts that it enumerates and set it to that the password DOES have to change and I also tried it set to "must change at next logon" as a test. When I run this code against it, I still get the "AccountExpirationDate is not set for " & objUser.name.

Any idea why that would be?

here is the exact code BTW:

Option Explicit
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim objFSO, objTextFile, strNextLine, arrList
Dim objServer, user, objUser, objItem, strPW
Dim colAccounts, strServers, objUser2, dt

strPW = "password"
strServers = wscript.arguments(0)

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile (strServers, ForReading)

Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline
    arrList = Split(strNextLine , vbcrlf)
For Each objItem In arrList

Set objServer = GetObject("WinNT://" & objItem)
Set colAccounts = GetObject("WinNT://" & objServer.name & "")
colAccounts.Filter = Array("user")

For Each objUser In colAccounts
objUser.GetInfo
'wscript.echo objUser.name
'wscript.echo objUser.AccountExpirationDate

on error resume next
dt=objUser.AccountExpirationDate
if err.number<>0 then
    wscript.echo "AccountExpirationDate is not set for " & objUser.name
    err.clear
else
    wscript.echo objUser.AccountExpirationDate   'or dt
end if
on error goto 0

Next
Next
Loop

 

[tsuji]

[1] The listed script has nothing to do to elucidate how you do change.
[2] PasswordExpired, PasswordExpirationDate etc etc are not the same concept to AccountExpirationDate.
[3] 10+ exchanges and getting nowhere. It is not right.

 

[tsuji]

Take on a test user account without it set, and assign an arbitrary (large) expiry date.
[tt]
objUser.AccountExpirationDate=#2018/12/31#
objUser.setInfo
[/tt]
and do the exercise again.

 

[djtech2k]

I will indeed try that, but my goal here is to determine passwords that are 90 days old. If the password has not been changed in 90 days, then I need to change it.

I thought the AccountExpirationDate was the way that I could find the password age. If this were AD, I would have it finished in a few minutes. I just do not know the field to find/query to find out the password age.

 

[tsuji]

Q: How old is the password?
[tt]
pwdage=ouser.passwordage 'in unit of second (since password last changed)
dts=pwdage
d=int(dts/60/60/24)
dts=dts mod 60*60*24
hh=right("00" & int(dts/60/60),2)
dts=dts mod 60*60
mn=right("00" & int(dts/60),2)
dts=dts mod 60
ss=right("00" & dts,2)

wscript.echo ouser.name & vbcrlf & "passwordage: " & pwdage & " sec" & vbcrlf & _
"passwordage: " & d & " days " & hh & " hr " & mn & " min " & ss & "sec"
[/tt]
You know what to do, it seems?

 

[djtech2k]

Thank you VERY much tsuji. The part that I needed all along was the passwordage. I did not know what property to call in order to get password age.

Thanks again.