JSI Tip 9349. Another way to calculate a user's approximate password expiration date?


In tip 8485, we calculated a user's approximate password expiration date.

Using Findexpacc.exe, a freeware command-line Active Directory query tool that finds accounts with expired passwords, or expired accounts (available at the bottom of this tip), I have scripted PwdExp.bat to return accounts whose password has expired, or will have expired days days from now.

The syntax for using PwdExp.bat is:

PwdExp [days]

Where days is an optional parameter that advances the calculation by days days into the future. If you want to return the user accounts whose password will be expired in 10 days, use PwdExp 10. This includes those accounts whose password is already expired.

When you run PwdExp.bat, the output is displayed on the console in the following semi-colon delimited format:

"User Distinguished Name";"User SAMID";"User Email Address";Password_Last_Set_YYYYMMDDHHmmSS;Password_Age_In_Days

You can redirect the output to a file using PwdExp [days]>FileName.

You can process the output in a batch using:

for /f "Tokens=*" %%a in ('pwdexp 10') do (
 call :process %%a
)
...
...
endlocal
goto :EOF
:process
set dn=%1
set samid=%2
set email=%3
set pls=%4
set age=%5
...
...
goto :EOF

PwdExp.bat contains:

@echo off
setlocal ENABLEDELAYEDEXPANSION
set wrk=%TEMP%\PwdExp_%RANDOM%
set wrk1="%wrk%.tm1"
set wrk2="%wrk%.tm2"
if exist %wrk1% del /q %wrk1%
set /a days=0
if not {%1}=={} set /a days=%1
set qry=findexpacc -pwd -ps 1000 -days %days% 
call :quiet 2>>nul
if not exist %wrk1% goto :finish
sort %wrk1% /O %wrk2%
del /q %wrk1%
for /f "Tokens=1-7 Delims=»" %%a in ('type %wrk2%') do (
 call :PwdExpOut %%a %%b %%c %%d %%e %%f %%g
)
del /q %wrk2%
:finish
endlocal
goto :EOF
:PwdExpOut
set dn=%1
set samid=%4
set email=%7
set pls=%5
set pls=%pls:"=%
for /f "Tokens=1-6 delims=/-:" %%i in ('@echo %pls%') do (
 set YY=%%i
 set MM=%%j
 set DD=%%k
 set HH=%%l
 set TT=%%m
 set SS=%%n
)
set pls=%YY%%MM%%DD%%HH%%TT%%SS%
set age=%6
set age=%age:"=%
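rem Normalize age to a plain decimal number: prefixing 10000 and taking the
rem remainder modulo 10000 drops any leading zeros.
set /a age=10000%age%%%10000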
@echo %dn%;%samid%;%email%;%pls%;%age%
goto :EOF
:quiet
for /f "Tokens=*" %%u in ('%qry%^|findstr /b /l /C:""""') do (
 set wrk=%%u
 set wrk=!wrk:","="»"!
 @echo !wrk!>>%wrk1%
)
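
Because PwdExp [days] also returns accounts whose password is already expired, a notification job usually wants only the difference: accounts that are still valid now but will expire within days days. The following is an added example, not part of the original tip. ExpSoon.bat and the .now work file are hypothetical names, and it assumes PwdExp.bat is on the PATH, SAMIDs are unique, and no distinguished name contains a semicolon.

```batch
@echo off
rem ExpSoon.bat (hypothetical name) - added example, not part of the original tip.
rem Lists accounts whose password is still valid now but expires within [days].
setlocal
set /a days=10
if not {%1}=={} set /a days=%1
set now="%TEMP%\ExpSoon_%RANDOM%.now"
rem Accounts whose password is already expired (PwdExp with no days argument).
call PwdExp >%now%
rem With a days argument, PwdExp returns those accounts plus the ones expiring soon.
for /f "Tokens=*" %%a in ('PwdExp %days%') do call :process %%a
del /q %now%
endlocal
goto :EOF
:process
rem The line was split on its semicolons: DN, SAMID, email, last set, age.
set samid=%2
set hit=N
rem Look for the same quoted SAMID in the already-expired list.
for /f "usebackq Tokens=2 Delims=;" %%s in (%now%) do if /i {%%s}=={%samid%} set hit=Y
if %hit%==Y goto :EOF
rem Not expired yet: emit the record in the same format PwdExp uses.
@echo %1;%2;%3;%4;%5
goto :EOF
```

The output keeps the PwdExp format, so it can be redirected to a file or fed to the same :process skeleton shown earlier.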


