bonesz100

AD Attributes?

6 posts in this topic

I have a question on what attributes can be pulled from Active Directory. I wanted to retrieve when a user's password would expire from AD.

I could grab the Password Last Set field, but then I would have to translate the date to the appropriate expiration date\time. I would rather not do this if I don't have to.

An excerpt of my code:

$objTrans = ObjCreate("NameTranslate")
$objTrans.Init($ADS_NAME_INITTYPE_GC, "")
$objTrans.Set($ADS_NAME_TYPE_1779, @LogonDomain)
$objTrans.Set($ADS_NAME_TYPE_NT4, @LogonDomain & "\" & $username)
$strUserDN = $objTrans.Get($ADS_NAME_TYPE_1779)
$UserObj = ObjGet("LDAP://" & $diamDC[$i] & "/" & $strUserDN)
;Would like for a way to get when the password expires, I just don't know the correct attribute to use.
$pwexpire = $UserObj.???????

-----------------------------------------------

I tried $UserObj.PasswordExpirationDate - but there is no data in this return.

Anyone have any ideas?




This post might be a good place to start. That's where I got the function to properly display all AD attributes.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 


You have to use the WinNT provider and not LDAP. LDAP doesn't support PasswordExpirationDate.

Try $UserObj = ObjGet("WinNT://" & $diamDC[$i] & "/" & $strUserDN)


AutoIt is the shiznit. I love it.


#4 ·  Posted (edited)

Is there a good place to look on the web to see what information is available with the WinNT object vs the LDAP object? I guess I'm not exactly sure what the difference is. Should I be using WINNT instead of LDAP?

BTW - I'm using this script on a Win 2003 domain.

Edited by bonesz100


The internet is your friend :-) I searched for "//WINNT: active directory expire"

WinNT vs LDAP

Name Attributes

ADSI WinNT provider



I ended up just taking the string from LDAP - PasswordlastChanged attribute and converting it to a format where I could apply the _DateAdd() UDF and that got me the data I wanted.

I appreciate the links. Sounds like LDAP is the better choice as it has quicker returns on object queries.
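
The conversion described in the last post, generalized to the raw LDAP attributes, as an added example that is not code from the thread and is written in Python rather than AutoIt so it runs offline. It assumes the standard AD attributes pwdLastSet (user), maxPwdAge (domain object) and userAccountControl have already been read as integers; the function names and sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# AD large-integer timestamps count 100-ns ticks from this epoch (FILETIME).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl: password never expires
NO_MAX_AGE = -(2 ** 63)           # maxPwdAge value meaning "no maximum age"


def filetime_to_datetime(ticks):
    """Convert 100-ns ticks since 1601-01-01 UTC to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def password_expiry(pwd_last_set, max_pwd_age, user_account_control):
    """Return (status, expiry_datetime_or_None) for one account."""
    if user_account_control & UF_DONT_EXPIRE_PASSWD:
        return ("never", None)
    if max_pwd_age in (0, NO_MAX_AGE):
        return ("never", None)            # domain policy sets no maximum age
    if pwd_last_set == 0:
        return ("must_change", None)      # change required at next logon
    # maxPwdAge is stored as a negative interval, so add its magnitude.
    return ("expires", filetime_to_datetime(pwd_last_set + abs(max_pwd_age)))


# Constructed sample values (not taken from any real directory).
SAMPLE_MAX_PWD_AGE = -36288000000000          # 42 days in 100-ns ticks
SAMPLE_ACCOUNTS = {
    "alice": (133497936000000000, 0x200),     # set 2024-01-15 12:00 UTC
    "svc_backup": (133497936000000000, 0x10200),
    "newhire": (0, 0x200),
}


def report(accounts, max_pwd_age):
    """Map each account name to its (status, expiry) tuple."""
    return {name: password_expiry(last_set, max_pwd_age, uac)
            for name, (last_set, uac) in accounts.items()}


if __name__ == "__main__":
    for name, (status, expiry) in report(SAMPLE_ACCOUNTS, SAMPLE_MAX_PWD_AGE).items():
        print(name, status, expiry.isoformat() if expiry else "-")
```

Domains with fine-grained password policies (Server 2008 and later) can give a user a different maximum age than the domain-wide maxPwdAge, so this calculation covers the domain-wide policy only.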
