Using the Active Directory Command-Line Tools, I have scripted UserAcctExpired.bat to list the User Name and expiration date of user accounts in my domain that have expired, or will expire today, and are NOT disabled.
NOTE: This is for account expiration, NOT password expiration.
The syntax for using UserAcctExpired.bat is:
UserAcctExpired
NOTE: UserAcctExpired.bat uses UnivDate.bat, which must be located in a folder that is in your PATH.
UserAcctExpired.bat contains:
@echo off
setlocal
call univdate
set /a mm=100%mm%%%100
if %mm% LSS 10 set mm=0%mm%
set /a dd=100%dd%%%100
if %dd% LSS 10 set dd=0%dd%
set /a yy=10000%yy%%%10000
if %yy% LSS 2000 set /a yy=%yy% + 2000
set ymd=%yy%%mm%%dd%
set qry1=dsquery user -name *
set qry2=dsget user -samid -acctexpires -disabled
set fnds=findstr /L /I /V /C:"dsget succeeded" /C:"acctexpires"
for /f "Tokens=1,2*" %%a in ('%qry1% ^| %qry2% ^|%fnds%') do (
if /i "%%c" NEQ "yes" if /i "%%b" NEQ "never" call :exp "%%a" %%b
)
endlocal
goto :EOF
:exp
set w1=%2
set w2=%w1:~6,4%%w1:~0,2%%w1:~3,2%
if %w2% GTR %ymd% goto :EOF
@echo %1 %2
0 comments
Hide comments
