A. The last-password-change date is stored in the user class's Active Directory (AD) pwdLastSet attribute as a large (64-bit) integer, which means the date must be converted so that it can be read and displayed in a usable "date" format. To perform the conversion, I modified a script by Richard Mueller so that it searches for all users in the passed root distinguished name and outputs their last-password-change date to a screen. You can download the script, listuserpasslastchange.vbs, or copy and paste the following script into a text file.
' John Savill ' This is based on Richard Mueller's script on Interger8Date ' conversion, which is copyrighted as below. ' Copyright (c) 2003 Richard L. Mueller ' Hilltop Lab Web site - http://www.rlmueller.net ' ' I simply changed it to output all objects in a passed DN. Option Explicit Dim strLdapPath, objConnection, objChild Dim lngTZBias, objUser, objPwdLastSet Dim objShell, lngBiasKey, k ' Check that all required arguments have been passed If Wscript.Arguments.Count 0 Then On Error GoTo 0 Integer8Date = #1/1/1601# End If On Error GoTo 0 End Function
To run the script, use the syntax
cscript listuserpasslastchange.vbs ou=test,dc=demo,dc=test
You'll see output that's similar to this:
CN=Bruce Wayne 11/17/2003 1:30:14 PM CN=Clark Kent 11/17/2003 1:31:30 PM CN=Hal Jordan 12/6/2004 2:52:56 PM CN=Wally West 3/17/2003 9:04:45 AM
2 comments
Hide comments