A. The last-password-change date is stored in the user class's Active Directory (AD) pwdLastSet attribute as a large (64-bit) integer, which means the date must be converted so that it can be read and displayed in a usable "date" format. To perform the conversion, I modified a script by Richard Mueller so that it searches for all users in the passed root distinguished name and outputs their last-password-change date to a screen. You can download the script, listuserpasslastchange.vbs, or copy and paste the following script into a text file.
' John Savill
' This is based on Richard Mueller's script on Interger8Date
' conversion, which is copyrighted as below.
' Copyright (c) 2003 Richard L. Mueller
' Hilltop Lab Web site - http://www.rlmueller.net
'
' I simply changed it to output all objects in a passed DN.
Option Explicit
Dim strLdapPath, objConnection, objChild
Dim lngTZBias, objUser, objPwdLastSet
Dim objShell, lngBiasKey, k
' Check that all required arguments have been passed
If Wscript.Arguments.Count 0 Then
On Error GoTo 0
Integer8Date = #1/1/1601#
End If
On Error GoTo 0
End Function
To run the script, use the syntax
cscript listuserpasslastchange.vbs ou=test,dc=demo,dc=test
You'll see output that's similar to this:
CN=Bruce Wayne 11/17/2003 1:30:14 PM CN=Clark Kent 11/17/2003 1:31:30 PM CN=Hal Jordan 12/6/2004 2:52:56 PM CN=Wally West 3/17/2003 9:04:45 AM
2 comments
Hide comments
