Sign in to follow this  
Followers 0
Colyn1337

Query LDAP for Password Expiration

3 posts in this topic

#1 ·  Posted (edited)

#Include <File.au3>
#Include <WinAPI.au3>
#include <Misc.au3>
#include <WindowsConstants.au3>
#include <Array.au3>
#include <Date.au3>

Global $year, $mon, $day

; Create ADSI object
$objADSystemInfo = ObjCreate("ADSystemInfo")

; Calculate the maximum age a password is allowed to achieve
$oDomain = ObjGet("LDAP://" & @LogonDomain)
If $oDomain = ("") Then Exit ; If user is not on domain, exit the program
$maxPwdAge = $oDomain.Get("maxPwdAge")
$numDays = (($maxPwdAge.HighPart * 2 ^ 32) +  ($maxPwdAge.LowPart)) / -864000000000

; Find out when the password was last changed
$objUser = ObjGet("LDAP://" & $objADSystemInfo.UserName)
$PasswordChanged = $objUser.PasswordLastChanged
$strPasswordExpirationDate = $objUser.PasswordExpirationDate

; Attempt to convert LDAP Password Expiration date string into usable format for AutoIt
$ExpArray = StringSplit($strPasswordExpirationDate, "")
For $x = 1 To 4
$year = ($year & $ExpArray[$x])
Next
For $x = 5 To 6
$mon = ($mon & $ExpArray[$x])
Next
For $x = 7 To 8
$day = ($day & $ExpArray[$x])
Next
$varPasswordExpirationDate = ($year & "/" & $mon & "/" & $day)
ConsoleWrite("Password Expires On:  " & $varPasswordExpirationDate & @LF)
$year = ("")
$day = ("")
$mon = ("")

; Pull current time, as of script execution, from LDAP for comparison to expiration date
; Better to use LDAP as users can edit local time/date settings
$RootDSE = ObjGet("LDAP://RootDSE")
$strCurrentTime = abs($RootDSE.get("CurrentTime"))

; Put current time inot usable format for AutoIt
$CurTimeArray = StringSplit($strCurrentTime, "")
For $x = 1 To 4
$year = ($year & $CurTimeArray[$x])
Next
For $x = 5 To 6
$mon = ($mon & $CurTimeArray[$x])
Next
For $x = 7 To 8
$day = ($day & $CurTimeArray[$x])
Next
$varCurrentTime = ($year & "/" & $mon & "/" & $day)
ConsoleWrite("Current Date Is:  " & $varCurrentTime & @LF)
$year = ("")
$day = ("")
$mon = ("")

; Check how long till password expiration
$DaysTillExp = _DateDiff("d", $varCurrentTime, $varPasswordExpirationDate)
ConsoleWrite("Days Till Expiration:  " & $DaysTillExp & @LF)

; Do something
If $DaysTillExp < 15 Then
MsgBox(0, "Password Expiration Notification", "You have " & $DaysTillExp & " days until your password expires!")
EndIf

Exit

Edited by Colyn1337

Share this post


Link to post
Share on other sites



Hi Colyn,

or you could try my Active Directory UDF - functions _AD_IsPasswordExpired, _AD_GetPasswordInfo etc.

Water


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Water,

That's cool stuff, I'll have to check it out! Tho, we're mostly a Novell shop :)

Edited by Colyn1337

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0