I have scripted PwWarn.bat to email a user when their domain password is within the warning period. The syntax for using PwWarn.bat is:
PwWarn \[days\]
where days is an optional parameter that specifies the number number of days prior to the expiration that the warning is produced. The default is 14 days.
In addition to the email, PwWarn.bat displays a console message for each user that is emailed, like:
. . "Jerry": Your account expires on 08/31/2006.
and a console message for each user that could not be emailed, like:
*** "Jordan": Your account expires on 04/30/2006. No Email configured.
You can schedule PwWarn.bat to run daily, or you can run it manually.
PwWarn.bat uses the following routines, which must be in a folder in your PATH:
ADFind.exe
univdate.bat
Date2YMD.bat
DatePorM.bat
BLAT.exe
PwWarn.bat contains:
@echo off
setlocal EnableDelayedExpansion
set /a warn=14
if not \{%1\}==\{\} set /a warn=%1
call univdate
call DatePorM %warn% DatePlus
call Date2YMD %DatePlus% yy mm dd
set AYMD=%yy%%mm%%dd%
for /f "Tokens=1*" %%u in ('adfind -default -nodn -csv -nocsvheader -f "&(objectcategory=person)(objectClass=user)" sAMAccountName mail') do (
if %%u NEQ "" call :chkdt %%u %%v
)
if exist "%TEMP%\PwWarn.txt" del /q "%TEMP%\PwWarn.txt"
endlocal
goto :EOF
:chkdt
set user=%1
set email=%2
for /f "Tokens=3" %%a in ('net user %user% /domain^|findstr /i /L /c:"Password expires"') do (
set expires=%%a
)
if /i "%expires%" EQU "Never" goto :EOF
call Date2YMD %expires% yy mm dd
if "%AYMD%" LSS "%yy%%mm%%dd%" goto :EOF
if %email% EQU "" (
@echo *** %user%: Your account expires on %expires%. No Email configured. & goto :EOF
) ELSE (
@echo . . %user%: Your account expires on %expires%.
)
call :quiet>nul 2>&1
goto :EOF
:quiet
@echo %user%: Your account expires on %expires%.>"%TEMP%\PwWarn.txt"
blat "%TEMP%\PwWarn.txt" -to %email% -s %user%: Your account expires on %expires%"
2 comments
Hide comments