WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

ADSI
plus

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

AD Password Expires Date


Question:

I am creating a report that will show when passwords expire, along with lots of other stuff - I can't remember where the password expiration date is in AD - ideas??

Answer:

It isn't stored any place in AD. You need to access three properties to determine the password experation date pwdLastSet, maxPwdAge and userAccountControl. Here is a COM example translated from a MSFT script example
ADS_UF_DONT_EXPIRE_PASSWD = 65536
E_ADS_PROPERTY_NOT_FOUND  = 2147504141
ONE_HUNDRED_NANOSECOND    = .000000100
SECONDS_IN_DAY            = 86400
MAKE_HIGH                 = 2.0**32

objUser = GetObject("LDAP://shamrock/cn=pass word,cn=users,dc=jclass,dc=org")
intUserAccountControl = objUser.Get("userAccountControl")
If intUserAccountControl & ADS_UF_DONT_EXPIRE_PASSWD
    Message("Password Age", "The password does not expire.")
    Exit
Else
    dtmValue = objUser.PasswordLastChanged
    If dtmValue == ""
        Message("Password Age", "The password has never been set.")
        Exit
    Else
       intTimeInterval = TimeDiffDays(TimeYmdHms(), dtmValue)
    EndIf

    objDomain = GetObject("LDAP://shamrock/dc=jclass,dc=org")
    objMaxPwdAge = objDomain.Get("maxPwdAge")

    If objMaxPwdAge.LowPart == 0
       Message("Password Age","The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire.")
       Exit
    Else
       ; code revised mw 20050818
       dblMaxPwdHigh = objMaxPwdAge.HighPart * MAKE_HIGH
       ;bitshifting to workaround conversion problems here
       lowpart = ((objMaxPwdAge.LowPart >> 1)   & 2147483647 ) * 2.0
       dblMaxPwdNano = dblMaxPwdHigh + lowpart
       dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND
       dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)
       Message("Password Age","Maximum password age is %dblMaxPwdDays% days")

       If intTimeInterval >= dblMaxPwdDays
            Message("Password Age","The password has expired.")
        Else
            ExpireDate = TimeAdd(dtmValue, "0000:00:%dblMaxPwdDays%:00:00:00")
            DaysFromNow = TimeDiffDays(ExpireDate, TimeYmdHms())
            Message("Password Age","The password will expire on %ExpireDate% %@crlf%or %DaysFromNow% days from today.")
        End If
    EndIf
EndIf

Article ID:   W16791
File Created: 2007:07:03:14:26:16
Last Updated: 2007:07:03:14:26:16