JSI Tip 9383. How can I determine the date and time that a user password expires, the date and time that the password was last set, and the maximum password age?

I have scripted WhenPwdX.bat to determine the date and time that a user password expires, the date and time that the password was last set, and the maximum password age.

The output is displayed on the console, but can be redirect to a file, or parsed in a FOR command.

Sample Usage

call whenPwdX DomainName "User Distinguished Name"

Where DomainName is the domain name, like JSIINC.COM, and "User Distinguished Name" is the user's distinguished name, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM".

The output might look like one of the following:

05/02/2005 14:47:17 03/21/2005 14:47:17 42.94967296

NEVER NEVER 07/01/2004 16:07:12 42.94967296
You can redirect the output to a file using:

call whenPwdX DomainName "User Distinguished Name">>FileName

You can parse the output using a FOR command using:

FOR /f "Tokens=1-5" %%a in ('call whenPwdX DomainName "User Distinguished Name"') do (
  set DateEXP=%%a
  set TimeEXP=%%b
  set DateSET=%%c
  set TimeSET=%%d
  set Days=%%e
  . . .
  . . .
WhenPwdX.bat contains:
@echo off
If \{%2\}==\{\} @echo Syntax: WhenPwdX DomainName UserDistinguishedName&goto :EOF
set oDomain=%1
set oUser=%2
if exist "%TEMP%\WhenPwdX.vbs" goto doit
@echo Dim oDomain, oUser, maxPwdAge, numDays, objArguments>"%TEMP%\WhenPwdX.vbs"
@echo Set objArguments = Wscript.Arguments>>"%TEMP%\WhenPwdX.vbs"
@echo strDomainDN=objArguments^(0^)>>"%TEMP%\WhenPwdX.vbs"
@echo strUserDN = strDomainDN ^& "/" ^& objArguments^(1^)>>"%TEMP%\WhenPwdX.vbs"
@echo Set oDomain = GetObject^("LDAP://" ^& strDomainDN^)>>"%TEMP%\WhenPwdX.vbs"
@echo Set maxPwdAge = oDomain.Get^("maxPwdAge"^)>>"%TEMP%\WhenPwdX.vbs"
@echo numDays = CCur^(^(maxPwdAge.HighPart * 2 ^^ 32^) + _>>"%TEMP%\WhenPwdX.vbs"
@echo maxPwdAge.LowPart^) / CCur^(-864000000000^)>>"%TEMP%\WhenPwdX.vbs"
@echo Set oUser = GetObject^("LDAP://" ^& strUserDN^)>>"%TEMP%\WhenPwdX.vbs"
@echo OK= oUser.userAccountControl AND 65536>>"%TEMP%\WhenPwdX.vbs"
@echo whenPasswordExpires = DateAdd^("d", numDays, oUser.PasswordLastChanged^)>>"%TEMP%\WhenPwdX.vbs"
@echo if OK = 65536 Then>>"%TEMP%\WhenPwdX.vbs"
@echo  WhenPasswordExpires = "NEVER NEVER">>"%TEMP%\WhenPwdX.vbs"
@echo End If>>"%TEMP%\WhenPwdX.vbs"
@echo WScript.Echo whenPasswordExpires ^& " " ^& oUser.PasswordLastChanged ^& " " ^& numDays>>"%TEMP%\WhenPwdX.vbs"
@echo Set oUser = Nothing>>"%TEMP%\WhenPwdX.vbs"
@echo Set maxPwdAge = Nothing>>"%TEMP%\WhenPwdX.vbs"
@echo Set oDomain = Nothing>>"%TEMP%\WhenPwdX.vbs"
cscript //nologo "%TEMP%\WhenPwdX.vbs" %oDomain% %oUser%

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.