Borrowing from the technique in tip 9383, I have scripted WhenPwdExp.bat to
set an environment variable to a user's password expiration date, and a user's password expiration time.
The syntax for using WhenPwdExp.bat is:
WhenPwdExp UserDN DateExp TimeExp
Where:
UserDN is a user's distinguished Name, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM". DateExp is a call directed environment variable that will contain UserDN's password expiration date. TimeExp is a call directed environment variable that will contain UserDN's password expiration time.NOTE: if the password is set to never expire, DateExp and TimeExp are set to NEVER.
WhenPwdExp.bat contains:
@echo Off if \{%3\}==\{\} @echo Syntax: WhenPwdExp UserDN DateExp TimeExp&goto :EOF if exist "%TEMP%\WhenPwdExp.vbs" goto doit @echo Dim objArgument, oDomain, oUser, maxPwdAge, numDays, PwdX, strDomainDN, strUserDN, OK>"%TEMP%\WhenPwdExp.vbs" @echo Set objArgument = Wscript.Arguments>>"%TEMP%\WhenPwdExp.vbs" @echo strDomainDN =objArgument^(0^)>>"%TEMP%\WhenPwdExp.vbs" @echo strUserDN = strDomainDN ^& "/" ^& objArgument^(1^)>>"%TEMP%\WhenPwdExp.vbs" @echo Set oDomain = GetObject^("LDAP://" ^& strDomainDN^)>>"%TEMP%\WhenPwdExp.vbs" @echo Set maxPwdAge = oDomain.Get^("maxPwdAge"^)>>"%TEMP%\WhenPwdExp.vbs" @echo numDays = CCur^(^(maxPwdAge.HighPart * 2 ^^ 32^) + maxPwdAge.LowPart^) / CCur^(-864000000000^)>>"%TEMP%\WhenPwdExp.vbs" @echo Set oUser = GetObject^("LDAP://" ^& strUserDN^)>>"%TEMP%\WhenPwdExp.vbs" @echo PwdX = DateAdd^("d", numDays, oUser.PasswordLastChanged^)>>"%TEMP%\WhenPwdExp.vbs" @echo OK=oUser.userAccountControl AND 65536>>"%TEMP%\WhenPwdExp.vbs" @echo if OK = 65536 Then>>"%TEMP%\WhenPwdExp.vbs" @echo. PwdX = "NEVER NEVER">>"%TEMP%\WhenPwdExp.vbs" @echo End If>>"%TEMP%\WhenPwdExp.vbs" @echo WScript.Echo PwdX>>"%TEMP%\WhenPwdExp.vbs" @echo Set oUser = Nothing>>"%TEMP%\WhenPwdExp.vbs" @echo Set maxPwdAge = Nothing>>"%TEMP%\WhenPwdExp.vbs" @echo Set oDomain = Nothing>>"%TEMP%\WhenPwdExp.vbs" :doit for /f "Tokens=1*" %%a in ('cscript //nologo "%TEMP%\WhenPwdExp.vbs" %USERDNSDOMAIN% %1') do ( set %2=%%a set %3=%%b )
0 comments
Hide comments