Jump to content
Sign in to follow this  

Detect Active Directory Password Expiration via VPN

Recommended Posts


Been trying to come up with a solution to a common issue.

I have users that VPN mostly, and when their passwords expire, they get locked out of email, internal sites, ect... Who then submit a help ticket as to why they are getting prompted for passwords... Soooo...I was pondering making a Post VPN Script that will detect if their password is expired.

Here is what I have so far...

Basically what I am trying to acheive is this:

While vpngui.exe is up and running do these things:

  • Poll the 4 IP addresses
  • See if any of the above 4 IP's matches the criteria (to verify that they have connected to the network)
  • If yes, then poll Active Directory to see if their password has expired
  • Take the appropriate action based on if the password has expired
Thing I am having issues with:
  • Can't seem to get the IP address criteria to be checked more than the 1st time
  • The Active Directory poll appears to be affected by latency, is there any way to compensate for latency?
#include <Date.au3>

Const $ADS_NAME_TYPE_NT4 = 3
Const $ADS_NAME_TYPE_1779 = 1
Dim $domain = @LogonDomain   ;pulls domain that user is logged into
Dim $username = @UserName    ;pulls username that is logged in
Dim $oMyError
    If ProcessExists ("vpngui.exe") then
    $process = 0
Dim $ping = Ping ( "" ) 
    If $ping > 0 Then
    call ("Expire")
sleep (3000)
until $process = 1

Func Expire ()
sleep (2000)
;~  ConsoleWrite ( "stage 1"& @CRLF)
Dim $oMyError = ObjEvent("AutoIt.Error", "ComError")    
Dim $objRootDSE = ObjGet("LDAP://RootDSE")  
Dim $objTrans = ObjCreate("NameTranslate")  
$objTrans.Init ($ADS_NAME_INITTYPE_GC, "")
$objTrans.Set ($ADS_NAME_TYPE_1779, @LogonDomain)
$objTrans.Set ($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & @UserName)
Dim $strUserDN = $objTrans.Get ($ADS_NAME_TYPE_1779)
sleep (1000)
Dim $UserObj = ObjGet("LDAP://" & $strUserDN)   
Dim $lastlogin =    $UserObj.PasswordLastChanged
Dim $Date = StringMid ($lastlogin, 1, 4)& "/" & StringMid($lastlogin, 5, 2) & "/" & StringMid($lastlogin, 7, 2)
Dim $Time = StringMid($lastlogin, 9, 2) & ":" & StringMid($lastlogin, 11, 2) & ":" & StringMid($lastlogin, 13, 2)

Dim $ExpirationDate = _DateAdd ( "M", 3, $Date)
Dim $TimeLeftExpire = _Datediff ( "D", _NowCalc(), $ExpirationDate)
    If $TimeLeftExpire < 10 > 0 Then
    MsgBox ( 48, "Password Expiration", "Your password will expire in " & $TimeLeftExpire & " Days.")
        If $TimeLeftExpire = 0 then 
        MsgBox ( 48, "Password Expiration", 'Your password has expired, please CTRL + Alt + Del and click "Change Password"')
    If $TimeLeftExpire > 10 Then
    MsgBox ( 48, "Password Expiration", "Your password will expire in " & $TimeLeftExpire & " Days.")

;COM Error function
Func ComError()
    If IsObj($oMyError) Then
        $HexNumber = Hex($oMyError.number, 8)
    Return 0
EndFunc ;==>ComError
Edited by joshiieeii

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.