Password never expire (not including disabled accounts)

Discussion in 'Scripting' started by Misha, Apr 20, 2006.

  1. Misha

    Misha Guest

    I have a script to enumerate the accounts whose passwords never expire, but
    I am wondering how I can use the same script to enumerate only the user
    accounts with non-expiring passwords that are enabled, not disabled.
    I noticed there are many accounts in my directory with passwords that never
    expire which are disabled, and I don't want to include them.
    Here is the script I am using:

    On Error Resume Next

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000

    objCommand.CommandText = _
    "<LDAP://dc=fabrikam,dc=com>;" & _
    "(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536));" & _
    "Name;Subtree"
    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
    Loop

    Would somebody be so kind as to help me exclude disabled accounts from my query?

    Many thanks,
    Misha
     
    Misha, Apr 20, 2006
    #1

  2. Hi,

    use the following query clause:

    "(&(objectCategory=user)" _
    & "(userAccountControl:1.2.840.113556.1.4.803:=65536)" _
    & "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

    This means users with "password never expires" and disabled flag not set
    (! is the Not operator).
     
    Richard Mueller, Apr 20, 2006
    #2
  3. Misha

    JTW Guest

    You can add another condition to the query, specifying a NOT condition
    for the AccountDisabled (0x2) bit:

    On Error Resume Next

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 1000

    objCommand.CommandText = _
    "<LDAP://dc=dx21,dc=llc>;" & _
    "(&(objectCategory=User)" & _
    "(userAccountControl:1.2.840.113556.1.4.803:=65536)" & _
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)));" & _
    "Name;Subtree"

    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
    Loop
     
    JTW, Apr 20, 2006
    #3
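
As an added illustration (not code from any poster in this thread), the Python below evaluates the two filters discussed above against constructed entries, so the effect of the bitwise-AND matching rule 1.2.840.113556.1.4.803 and of the extra NOT clause can be checked without a domain controller. The account names and userAccountControl values are made up, and storing objectCategory as a plain string is a simplifying assumption.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # matching rule: true when every bit of the value is set
ITEM = re.compile(r"([A-Za-z][\w-]*)(?::([\d.]+):)?=([^()]*)\)")

def parse(s, i=0):
    """Parse one parenthesised RFC 4515 filter starting at s[i]."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op, i = s[i + 1:i + 2], i + 1
    if op in ("&", "|", "!"):
        kids, i = [], i + 1
        while s[i:i + 1] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter at offset {i}")
        return (op, kids), i + 1
    m = ITEM.match(s, i)
    if not m:
        raise ValueError(f"malformed item at offset {i}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), m.end()

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict with lower-case keys)."""
    if node[0] in ("&", "|"):
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    have = entry.get(attr)
    if have is not None and rule == BIT_AND:
        return (int(have) & int(value)) == int(value)
    return have is not None and rule is None and str(have).lower() == value.lower()

def search(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["name"] for e in entries if matches(node, e)]

# Constructed entries: 512 = normal account, +2 = disabled, +65536 = never expires.
# objectcategory is a plain string here, a simplification of what AD stores.
ENTRIES = [{"name": n, "objectcategory": "user", "useraccountcontrol": u} for n, u in
           [("alice", 512), ("bob", 514), ("svc-backup", 66048), ("old-admin", 66050)]]
UAC = "userAccountControl:" + BIT_AND + ":="
NEVER_EXPIRES = f"(&(objectCategory=User)({UAC}65536))"           # filter from the question
ENABLED_ONLY = f"(&(objectCategory=User)({UAC}65536)(!({UAC}2)))"  # filter with the NOT clause
```

With these entries, `search(NEVER_EXPIRES, ENTRIES)` returns both svc-backup and old-admin, while `search(ENABLED_ONLY, ENTRIES)` returns only svc-backup. The parser rejects a NOT whose operand lacks its own parentheses, which is the form RFC 4515 requires.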
  4. Misha

    Misha Guest

    THANK YOU VERY MUCH !!!

    Misha

     
    Misha, Apr 21, 2006
    #4
  5. Misha

    Misha Guest

    Very much appreciated.

    Misha
     
    Misha, Apr 21, 2006
    #5