6.23. Finding Users Whose Passwords Are About to Expire
Problem
You want to find the users whose passwords are about to expire.
Solution
Using a command-line interface
> dsquery user -stalepwd <NumDaysSinceLastPwdChange
>
Using Perl
#!perl # This code finds the user accounts whose password is about to expire # ------ SCRIPT CONFIGURATION ------ # Domain and container/OU to check for accounts that are about to expire my $domain = '<DomainDNSName
>'; my $cont = ''; # set to empty string to query entire domain # Or set to a relative path in the domain, e.g. cn=Users # Days since password change my $days_ago = <NumDaysSinceLastPwdChange
> # e.g. 60; # ------ END CONFIGURATION --------- use strict; use Win32::OLE; $Win32::OLE::Warn = 3; use Math::BigInt; # Need to convert the number of seconds from $day_ago # to a large integer for comparison against pwdLastSet my $past_secs = time - 60*60*24*$days_ago; my $intObj = Math::BigInt->new($past_secs); $intObj = Math::BigInt->new($intObj->bmul('10 000 000')); my $past_largeint = Math::BigInt->new( $intObj->badd('116 444 736 000 000 000')); $past_largeint =~ s/^[+-]//; # Setup the ADO connections my $connObj = Win32::OLE->new('ADODB.Connection'); $connObj->{Provider} = "ADsDSOObject"; # Set these next two if you need to authenticate # $connObj->Properties->{'User ID'} = '<User
>'; # $connObj->Properties->{'Password'} = '<Password
>'; $connObj->Open; my $commObj = Win32::OLE->new('ADODB.Command'); $commObj->{ActiveConnection} = $connObj; $commObj->Properties->{'Page ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.