Using the Active Directory Command-Line Tools, I have scripted UserAcctExpired.bat to list the User Name and expiration date of user accounts in my domain that have expired, or will expire today, and are NOT disabled.
NOTE: This is for account expiration, NOT password expiration.
The syntax for using UserAcctExpired.bat is:
UserAcctExpired
NOTE: UserAcctExpired.bat uses UnivDate.bat, which must be located in a folder that is in your PATH.
UserAcctExpired.bat contains:
@echo off setlocal call univdate set /a mm=100%mm%%%100 if %mm% LSS 10 set mm=0%mm% set /a dd=100%dd%%%100 if %dd% LSS 10 set dd=0%dd% set /a yy=10000%yy%%%10000 if %yy% LSS 2000 set /a yy=%yy% + 2000 set ymd=%yy%%mm%%dd% set qry1=dsquery user -name * set qry2=dsget user -samid -acctexpires -disabled set fnds=findstr /L /I /V /C:"dsget succeeded" /C:"acctexpires" for /f "Tokens=1,2*" %%a in ('%qry1% ^| %qry2% ^|%fnds%') do ( if /i "%%c" NEQ "yes" if /i "%%b" NEQ "never" call :exp "%%a" %%b ) endlocal goto :EOF :exp set w1=%2 set w2=%w1:~6,4%%w1:~0,2%%w1:~3,2% if %w2% GTR %ymd% goto :EOF @echo %1 %2
0 comments
Hide comments