6.23. Finding Users Whose Passwords Are About to Expire

Problem

You want to find the users whose passwords are about to expire.

Solution

Using a command-line interface

> dsquery user -stalepwd <NumDaysSinceLastPwdChange>

Using Perl

#!perl
# This code finds the user accounts whose password is about to expire
# ------ SCRIPT CONFIGURATION ------
# Domain and container/OU to check for accounts that are about to expire
my $domain   = '<DomainDNSName>';
my $cont     = ''; # set to empty string to query entire domain
                   # Or set to a relative path in the domain, e.g. cn=Users
# Days since password change 
my $days_ago = <NumDaysSinceLastPwdChange>  # e.g. 60;
# ------ END CONFIGURATION ---------

use strict;
use Win32::OLE;
   $Win32::OLE::Warn = 3;
use Math::BigInt;

# Need to convert the number of seconds from $day_ago
# to a large integer for comparison against pwdLastSet
my $past_secs = time - 60*60*24*$days_ago;
my $intObj = Math::BigInt->new($past_secs);
   $intObj = Math::BigInt->new($intObj->bmul('10 000 000'));
my $past_largeint = Math::BigInt->new(
                                  $intObj->badd('116 444 736 000 000 000'));
   $past_largeint =~ s/^[+-]//;

# Setup the ADO connections
my $connObj                         = Win32::OLE->new('ADODB.Connection');
$connObj->{Provider}                = "ADsDSOObject";
# Set these next two if you need to authenticate
# $connObj->Properties->{'User ID'}   = '<User>';     
# $connObj->Properties->{'Password'}  = '<Password>'; $connObj->Open; my $commObj = Win32::OLE->new('ADODB.Command'); $commObj->{ActiveConnection} = $connObj; $commObj->Properties->{'Page ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial