How to obtain password expiration date

Discussion in 'Windows Small Business Server' started by Lardy, Nov 9, 2005.

  1. Lardy

    Lardy Guest

    Hi All,

    Windows SBS 2003 Server Standard Edition

    Is there a way to find when a users password is due to expire and when it
    was last changed?

    I hunted around the net and found the script below from
    http://support.microsoft.com/default.aspx?scid=kb;en-us;323750.
    It gives me an error for line 27 character 5, which I assume is "Set oUser =
    GetObject("LDAP://" & strUserDN)". I have tested it on a Windows 2003
    Server SP1 and it worked like a charm. What changes would need to be made
    for it to work on Windows SBS 2003 Server?

    Lardy.


    '========================================
    ' First, get the domain policy.
    '========================================
    Dim oDomain
    Dim oUser
    Dim maxPwdAge
    Dim numDays

    strDomainDN = "YOURDOMAIN"
    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"

    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")

    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
    maxPwdAge.LowPart) / CCur(-864000000000)
    WScript.Echo "Maximum Password Age: " & numDays

    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)

    WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
    WScript.Echo "Password Expires On: " & whenPasswordExpires

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing

    WScript.Echo "Done"
     
    Lardy, Nov 9, 2005
    #1
    1. Advertisements

  2. Lardy

    -=gu=- Guest

    Hello Lardy,

    Probably the easiest way to see password expiration is to register the file
    Acctinfo.dll from the Windows 2003 resource kit. If you don't have the kit
    you can download just the file and installation directions from this page:
    http://www.mike-tech.com/article.php?gif=winserver2003&article=306
    Registering it is a piece of cake.

    Once registered on the computer where you run AD Users and Computers, you
    get an additional tab in user properties labeled "Additional Account Info".
    The following fields are displayed on the new property page:
    - Password Last Set
    - Password Expires
    - User Account Control
    - Locked or not
    - Last Login Timestamp
    - SID
    - GUID
    There is also a button to see the domain's default password policy as well
    as other information such as last logoff time, last bad logon, logon count
    and bad password count.

    I've found it to be very helpful at times. Good luck with it!

    *********************
     
    -=gu=-, Nov 9, 2005
    #2
    1. Advertisements

  3. Lardy

    Crina Li Guest

    Hi Lardy,

    Thank you for posting in SBS newsgroup.

    As I know, SBS has its specific OU, please try to change the script to
    reflect to the SBS specific OU structure to see if it helps. For example,
    change "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM" to "/CN=John
    Doe,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=YOURDOMAIN,DC=LOCAL".

    If this still does not work, you may need to post it in the MSDN newsgroup.

    Thanks for your understanding and I look forward to hearing from you.

    Best regards,

    Crina Li (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.

    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    | From: "Lardy" <>
    | Newsgroups: microsoft.public.windows.server.sbs
    | Subject: How to obtain password expiration date
    | Date: Wed, 9 Nov 2005 20:27:31 +1000
    | L|
    | Hi All,
    |
    | Windows SBS 2003 Server Standard Edition
    |
    | Is there a way to find when a users password is due to expire and when it
    | was last changed?
    |
    | I hunted around the net and found the script below from
    | http://support.microsoft.com/default.aspx?scid=kb;en-us;323750.
    | It gives me an error for line 27 character 5, which I assume is "Set
    oUser =
    | GetObject("LDAP://" & strUserDN)". I have tested it on a Windows 2003
    | Server SP1 and it worked like a charm. What changes would need to be
    made
    | for it to work on Windows SBS 2003 Server?
    |
    | Lardy.
    |
    |
    | '========================================
    | ' First, get the domain policy.
    | '========================================
    | Dim oDomain
    | Dim oUser
    | Dim maxPwdAge
    | Dim numDays
    |
    | strDomainDN = "YOURDOMAIN"
    | strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
    |
    | Set oDomain = GetObject("LDAP://" & strDomainDN)
    | Set maxPwdAge = oDomain.Get("maxPwdAge")
    |
    | '========================================
    | ' Calculate the number of days that are
    | ' held in this value.
    | '========================================
    | numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
    | maxPwdAge.LowPart) / CCur(-864000000000)
    | WScript.Echo "Maximum Password Age: " & numDays
    |
    | '========================================
    | ' Determine the last time that the user
    | ' changed his or her password.
    | '========================================
    | Set oUser = GetObject("LDAP://" & strUserDN)
    |
    | '========================================
    | ' Add the number of days to the last time
    | ' the password was set.
    | '========================================
    | whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
    |
    | WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
    | WScript.Echo "Password Expires On: " & whenPasswordExpires
    |
    | '========================================
    | ' Clean up.
    | '========================================
    | Set oUser = Nothing
    | Set maxPwdAge = Nothing
    | Set oDomain = Nothing
    |
    | WScript.Echo "Done"
    |
    |
    |
     
    Crina Li, Nov 10, 2005
    #3
  4. Lardy

    MijakiDK Guest

    Well, there is also the quick way, goto a command prompt and type net users
    "username" /domain (Example net users kimj /domain). That gives all the info
    you need :)
     
    MijakiDK, Nov 10, 2005
    #4
  5. Lardy

    Lardy Guest

    Lardy, Nov 11, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.