Jump to content

Query LDAP for Password Expiration


Recommended Posts

#Include <File.au3>
#Include <WinAPI.au3>
#include <Misc.au3>
#include <WindowsConstants.au3>
#include <Array.au3>
#include <Date.au3>

Global $year, $mon, $day

; Create ADSI object
$objADSystemInfo = ObjCreate("ADSystemInfo")

; Calculate the maximum age a password is allowed to achieve
$oDomain = ObjGet("LDAP://" & @LogonDomain)
If $oDomain = ("") Then Exit ; If user is not on domain, exit the program
$maxPwdAge = $oDomain.Get("maxPwdAge")
$numDays = (($maxPwdAge.HighPart * 2 ^ 32) +  ($maxPwdAge.LowPart)) / -864000000000

; Find out when the password was last changed
$objUser = ObjGet("LDAP://" & $objADSystemInfo.UserName)
$PasswordChanged = $objUser.PasswordLastChanged
$strPasswordExpirationDate = $objUser.PasswordExpirationDate

; Attempt to convert LDAP Password Expiration date string into usable format for AutoIt
$ExpArray = StringSplit($strPasswordExpirationDate, "")
For $x = 1 To 4
$year = ($year & $ExpArray[$x])
Next
For $x = 5 To 6
$mon = ($mon & $ExpArray[$x])
Next
For $x = 7 To 8
$day = ($day & $ExpArray[$x])
Next
$varPasswordExpirationDate = ($year & "/" & $mon & "/" & $day)
ConsoleWrite("Password Expires On:  " & $varPasswordExpirationDate & @LF)
$year = ("")
$day = ("")
$mon = ("")

; Pull current time, as of script execution, from LDAP for comparison to expiration date
; Better to use LDAP as users can edit local time/date settings
$RootDSE = ObjGet("LDAP://RootDSE")
$strCurrentTime = abs($RootDSE.get("CurrentTime"))

; Put current time inot usable format for AutoIt
$CurTimeArray = StringSplit($strCurrentTime, "")
For $x = 1 To 4
$year = ($year & $CurTimeArray[$x])
Next
For $x = 5 To 6
$mon = ($mon & $CurTimeArray[$x])
Next
For $x = 7 To 8
$day = ($day & $CurTimeArray[$x])
Next
$varCurrentTime = ($year & "/" & $mon & "/" & $day)
ConsoleWrite("Current Date Is:  " & $varCurrentTime & @LF)
$year = ("")
$day = ("")
$mon = ("")

; Check how long till password expiration
$DaysTillExp = _DateDiff("d", $varCurrentTime, $varPasswordExpirationDate)
ConsoleWrite("Days Till Expiration:  " & $DaysTillExp & @LF)

; Do something
If $DaysTillExp < 15 Then
MsgBox(0, "Password Expiration Notification", "You have " & $DaysTillExp & " days until your password expires!")
EndIf

Exit

Edited by Colyn1337
Link to post
Share on other sites

Hi Colyn,

or you could try my Active Directory UDF - functions _AD_IsPasswordExpired, _AD_GetPasswordInfo etc.

Water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2021-06-05 - Version 1.5.4.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2021-06-14 - Version 1.6.5.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download
Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
Task Scheduler (2019-12-03 - Version 1.5.1.0) - Download - General Help & Support - Wiki

Tutorials:
ADO - Wiki, WebDriver - Wiki

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...