JSI Tip 8330. What user accounts in my domain are expired?

Using the Active Directory Command-Line Tools, I have scripted UserAcctExpired.bat to list the User Name and expiration date of user accounts in my domain that have expired, or will expire today, and are NOT disabled.

NOTE: This is for account expiration, NOT password expiration.

The syntax for using UserAcctExpired.bat is:


NOTE: UserAcctExpired.bat uses UnivDate.bat, which must be located in a folder that is in your PATH.

UserAcctExpired.bat contains:

@echo off
call univdate
set /a mm=100%mm%%%100
if %mm% LSS 10 set mm=0%mm%
set /a dd=100%dd%%%100
if %dd% LSS 10 set dd=0%dd%
set /a yy=10000%yy%%%10000
if %yy% LSS 2000 set /a yy=%yy% + 2000
set ymd=%yy%%mm%%dd%
set qry1=dsquery user -name *
set qry2=dsget user -samid -acctexpires -disabled
set fnds=findstr /L /I /V /C:"dsget succeeded" /C:"acctexpires"
for /f "Tokens=1,2*" %%a in ('%qry1% ^| %qry2% ^|%fnds%') do (
 if /i "%%c" NEQ "yes" if /i "%%b" NEQ "never" call :exp "%%a" %%b
goto :EOF
set w1=%2
set w2=%w1:~6,4%%w1:~0,2%%w1:~3,2%
if %w2% GTR %ymd% goto :EOF
@echo %1 %2

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.