Badlogoncount problems

[stealthmsgr]

Hello Guys,

Looks like I have a problem with a script that I have put together. I'm using (sample):

$badlogin = GUICtrlCreateLabel (""& $UserObj.BadLoginCount, 220, 30, 20, 15)

to get the user object badlogincount info. I have tested it on another sample system and deliberately put in bad login's and it doesn't report them.

Am I missing something or should I get different object info?

Thanks for input.

[JLogan3o13]

Can you please post the whole of your code? With just one line it is something of a guess in the dark.

[water]

How do you create $UserObj.

If you try to get the information from Active Directory you could try my AD UDF.

[stealthmsgr]

Hi Water, good to hear from you.

Your UDF was my first stop and used _AD_GetObjectProperties.

Had some difficulties getting the BadLoginCount. Guess I'm missing something.

I used some code from an example from JSThePatriot. I just send this result into a small custom form displayed on logon.

$lastlogin = $UserObj.LastLogin

$Date = StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2) & "/" & StringMid($lastlogin, 1, 4)
$Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2)
GUICtrlCreateLabel ($Date & " "& $Time, 120, 52, 150, 20)
$badlogin = GUICtrlCreateLabel (""& $UserObj.BadLoginCount, 220, 30, 20, 15)

Anyway, it seems that when I run the code it "lies" and produces a Zero result.

I have deliberately produced bad logon's with different users (Admin & std). My result is still Zero!?!?

I could understand if the Admin & equivalent would, but not a std user.

This is specifically for Server 2003 & 2003 R2, but I have tried it on up to Server 2012. Same result.

I have used other object properties that work.

Umm....(scratching my head, now).

Thanks for any help,

Cheers

[stealthmsgr]

Water, this is a follow up to the previous info:

I was attempting to use this code

$aProperties = _AD_GetObjectProperties(@UserName, "badPwdCount")
_ArrayDisplay($aProperties, "Properties for user '" & @UserName & "'")
MsgBox(0, "Info", "Info: " & $aProperties)

Then send it to the logon form.

[water]

If you use my _AD_GetObjectProperties function you need to have a look at the "badPwdCount" property.

[stealthmsgr]

I used it and it did return a value. However, it appears to return consistently Zero.

I also noticed that when I ran the code calling _AD_Open() ...(code, code, code)....... _AD_Close().

My script would hang, but only on the first attempt. If I re-ran the code immediately it would run OK.

Could this be connected to my Zero return value?

[water]

Do you run the badpwdcount for the current user you are logged on to?

If yes, then you will always get a value of 0. MSDN states:

"This attribute is not replicated and is maintained separately on each domain controller in the domain.

This attribute is reset on a specific domain controller when the user successfully logs onto that domain controller."

What you could check is the badPasswordTime property. But this has a similar problem:

"This attribute is not replicated and is maintained separately on each domain controller in the domain. To get an accurate value for the user's last bad password time in the domain, each domain controller in the domain must be queried. The largest value that is obtained represents the true bad password time."

[stealthmsgr]

I found similar info.

"Each DC keeps a separate count, which resets to 0 when the user successfully authenticates."

On which this is a DC.

I suppose I could pull the info from the Event logs?

Do you have any insight into that?

Also, using the Event logs would prove handy for other Auditing related tasks.

[water]

To get the "true" badPasswordTime property you would need to modify function _AD_GetLastLoginDate.

Would only be a minor change because property lastlogindate works the same way as badPasswordTime works.