Jump to content
Sign in to follow this  
Colyn1337

Query LDAP for Password Expiration

Recommended Posts

Colyn1337

#Include <File.au3>
#Include <WinAPI.au3>
#include <Misc.au3>
#include <WindowsConstants.au3>
#include <Array.au3>
#include <Date.au3>

Global $year, $mon, $day

; Create ADSI object
$objADSystemInfo = ObjCreate("ADSystemInfo")

; Calculate the maximum age a password is allowed to achieve
$oDomain = ObjGet("LDAP://" & @LogonDomain)
If $oDomain = ("") Then Exit ; If user is not on domain, exit the program
$maxPwdAge = $oDomain.Get("maxPwdAge")
$numDays = (($maxPwdAge.HighPart * 2 ^ 32) +  ($maxPwdAge.LowPart)) / -864000000000

; Find out when the password was last changed
$objUser = ObjGet("LDAP://" & $objADSystemInfo.UserName)
$PasswordChanged = $objUser.PasswordLastChanged
$strPasswordExpirationDate = $objUser.PasswordExpirationDate

; Attempt to convert LDAP Password Expiration date string into usable format for AutoIt
$ExpArray = StringSplit($strPasswordExpirationDate, "")
For $x = 1 To 4
$year = ($year & $ExpArray[$x])
Next
For $x = 5 To 6
$mon = ($mon & $ExpArray[$x])
Next
For $x = 7 To 8
$day = ($day & $ExpArray[$x])
Next
$varPasswordExpirationDate = ($year & "/" & $mon & "/" & $day)
ConsoleWrite("Password Expires On:  " & $varPasswordExpirationDate & @LF)
$year = ("")
$day = ("")
$mon = ("")

; Pull current time, as of script execution, from LDAP for comparison to expiration date
; Better to use LDAP as users can edit local time/date settings
$RootDSE = ObjGet("LDAP://RootDSE")
$strCurrentTime = abs($RootDSE.get("CurrentTime"))

; Put current time inot usable format for AutoIt
$CurTimeArray = StringSplit($strCurrentTime, "")
For $x = 1 To 4
$year = ($year & $CurTimeArray[$x])
Next
For $x = 5 To 6
$mon = ($mon & $CurTimeArray[$x])
Next
For $x = 7 To 8
$day = ($day & $CurTimeArray[$x])
Next
$varCurrentTime = ($year & "/" & $mon & "/" & $day)
ConsoleWrite("Current Date Is:  " & $varCurrentTime & @LF)
$year = ("")
$day = ("")
$mon = ("")

; Check how long till password expiration
$DaysTillExp = _DateDiff("d", $varCurrentTime, $varPasswordExpirationDate)
ConsoleWrite("Days Till Expiration:  " & $DaysTillExp & @LF)

; Do something
If $DaysTillExp < 15 Then
MsgBox(0, "Password Expiration Notification", "You have " & $DaysTillExp & " days until your password expires!")
EndIf

Exit

Edited by Colyn1337

Share this post


Link to post
Share on other sites
water

Hi Colyn,

or you could try my Active Directory UDF - functions _AD_IsPasswordExpired, _AD_GetPasswordInfo etc.

Water


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-06-01 - Version 1.4.9.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-01-27 - Version 1.3.3.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites
Colyn1337

Water,

That's cool stuff, I'll have to check it out! Tho, we're mostly a Novell shop :)

Edited by Colyn1337

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×