I need user account expiry details in AD 2003 and 2008 R2. How can i get this?
-
20 martie 2012 06:43
I need user account expiry details in AD 2003 and 2008 R2. How can i get this?
Toate mesajele
-
20 martie 2012 06:49
Try this using Quest AD Commandlets
Get-QADUser -SizeLimit 0 |Select-Object samaccountname, AccountExpirationStatus
Shaba
-
20 martie 2012 06:50
Hello,
Try these links.
http://www.scriptlogic.com/smbit/article/track-user-password-expiration-using-active-directory
Here is one more link from Richard.
http://www.rlmueller.net/AccountExpires.htm
Regards,
_Prashant_
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Propus ca răspuns de netengineer.kamal 20 martie 2012 06:53
-
20 martie 2012 06:53
Please have a look on this page.
http://www.scriptlogic.com/smbit/article/track-user-password-expiration-using-active-directory
Kamal Sharma
-
20 martie 2012 06:55
And if you don't happen to run the Quest tools, try this:
Get-ADUser -Filter { AccountExpirationDate -like "*" } -Properties AccountExpirationDate | select Name,AccountExpirationDate | Sort-Object AccountExpirationDate -DescendingCheers,
Lain- Propus ca răspuns de AwinishMVP, Moderator 20 martie 2012 08:32
-
20 martie 2012 07:28
Is there any LDAP query where can i got account expiry list of users in AD? instead of above mentioned way?
-
20 martie 2012 07:37
Follow this,
Regards,
_Prashant_
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
-
20 martie 2012 08:01
An LDAP query? Yes, that's easy enough:
(&(objectClass=user)(objectCategory=person)(accountExpires=*)(!accountExpires=0)(!accountExpires=9223372036854775807))
Keep in mind this will only tell you if the account has an expiry date set or not, not when it's set to expire.
Of course, this will look a little different depending on where you're using the query, for example just dropping it into ADUC or LDP, or in a script, etc. Nevertheless, that's the query component.
Cheers,
Lain -
20 martie 2012 08:20
Thanks Lain..
But i required only when it's set to expire details .....
How can i achieve this....?
-
20 martie 2012 08:28
With only an LDAP query? You can't.
You'd have to use both the LDAP query and some kind of post-query processing, be that with something like the Powershell commandlet I provided above or with VBScript/JScript (or whatever flavour of script you prefer).
The reason for this is quite simple: the value of accountExpires is not a date. It is the number of 100 nanosecond intervals that have passed since 1601, as described here.
Cheers,
Lain -
20 martie 2012 08:38
hi You can use sc command.
run- cmd -
c:\> sc query users command with some script (like for for loop command will dive the output )
Thanks Ajay Singh MCITP Exchange IBM Tivoli, HP DPS,
- Propus ca răspuns de Ajay.Singh 20 martie 2012 08:51
-
20 martie 2012 08:40Moderator
You can use FindExpAcc tool from the Joe. You will be able to query when it going to expire or expired account.
http://www.joeware.net/freetools/tools/findexpacc/index.htm
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
20 martie 2012 11:06
But I don't want to use any tool as it comes part of non-compliance........
I am looking only for any script, ldap query....
-
20 martie 2012 11:12Moderator
I don't know how this tool will hurt your environment, since it just read the data from the AD and it perform same task what script will do.
Awinish Vishwakarma - MVP-DS
My Blog: awinish.wordpress.com Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
20 martie 2012 11:30
Your requirement takes me back to the Powershell commandlet I provided earlier. It does not require anything above and beyond what Microsoft already ships with Server 2008 R2 (Server 2003 isn't an option out-of-the-box).
I'm not quite sure how best to help you. As I said, an LDAP query alone simply won't do what you're after. The Powershell example I provided is effectively just a script, while if you wanted to use the older WScript-type model, then you're going to need to find a helper to handle the Int64 type, as it's not handled natively.
Outside of that, you're then in the territory of using third-party tools, as already mentioned.
Cheers,
Lain -
20 martie 2012 11:59
ok fine.......... lain.......
Can u provide me powershell script where i can run on windows powershell instead of active directory module as i don't have AD module on the server on which helpdesk team will run this powershell script...........
As i got the below powershell script but thats require AD module and I have to given script to helpdesk team and on the server which helpdesk perform below script don't have AD module powershell......... only have powershell 2.0..........
Search-ADAccount -AccountExpiring -TimeSpan 31.00:00:00 | Get-ADUser -Properties givenName,sn,userprincipalname, AccountExpirationDate,mail,title,department,manager | Export-Csv C:\result.csv -NoType
-
20 martie 2012 12:06
Here is a VBScript program I wrote years ago that retrieves information on all users with accounts that have an expiration date. The script documents the user DN and the date the account expires. The script converts the Integer8 value into the corresponding date in the local time zone:
Option Explicit
Dim adoConnection, adoCommand
Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
Dim strDN, objShell, lngBiasKey, lngBias
Dim lngDate, objDate, dtmAcctExp, k
' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
' Use ADO to search the domain for all users.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOOBject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Filter to retrieve all user objects with accounts
' that expire.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(!accountExpires=0)(!accountExpires=9223372036854775807))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";distinguishedName,accountExpires;subtree"
' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
' Enumerate the recordset.
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("distinguishedName").Value
lngDate = adoRecordset.Fields("accountExpires")
Set objDate = lngDate
dtmAcctExp = Integer8Date(objDate, lngBias)
Wscript.Echo strDN & ";" & dtmAcctExp
adoRecordset.MoveNext
Loop
adoRecordset.Close
' Clean up.
adoConnection.Close
Function Integer8Date(ByVal objDate, ByVal lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
Dim lngAdjust, lngDate, lngHigh, lngLow
lngAdjust = lngBias
lngHigh = objDate.HighPart
lngLow = objdate.LowPart
' Account for bug in IADslargeInteger property methods.
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
lngAdjust = 0
End If
lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow) / 600000000 - lngAdjust) / 1440
Integer8Date = CDate(lngDate)
End Function
-----
Run the script at a command prompt using the cscript host program. You can redirect the output to a text file. For example, if the script is saved in the file AcctsExpire.vbs, run the script at a command prompt (of any computer joined to the domain) with the following:
cscript //nologo AcctsExpire.vbs > ExpReport.txt
This assumes you are in the directory where the file AcctsExpire.vbs is saved. Otherwise you must include the full path to the file. The new file ExpReport.txt is created in the current directory.
Richard Mueller - MVP Directory Services
- Propus ca răspuns de Lain Robertson 20 martie 2012 12:26
-
20 martie 2012 12:31
First, to answer your question: I can't. If the Helpdesk server is not the 2008 R2 server then I can't offer a Powershell alternative. If it is, then technically the installation base is already there for "installing" the AD Powershell module - someone just needs to actually enable it from the Features section of Server Manager.
That said, Richard's script best matches your requirements if enabling already availble components is simply not an option.
Cheers,
Lain -
20 martie 2012 12:36
Ok......... i check and update u............
Thanks by the way..........
-
20 martie 2012 14:37
Hi Richards,
This script is providing me all the account expiry list which has been or going to be expire .......... but can u modify it only for going to be expire ??????????
-
20 martie 2012 14:40
Get-QADUser -AccountExpiresAfter 1/1/2012
Try this powerful one-liner. You need have have quest AD commandlets to get this working.Shaba
-
20 martie 2012 14:54
Of course. We just need to convert the current date/time (in the local time zone) into UTC, then into the corresponding Integer8 value. Then we can filter on users where the accountExpires attribute is greater than this value. The modified VBScript program follows:
Option Explicit
Dim adoConnection, adoCommand
Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
Dim strDN, objShell, lngBiasKey, lngBias
Dim lngDate, objDate, dtmAcctExp, k
Dim dtmCritical, lngSeconds, str64Bit
' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
' Use ADO to search the domain.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOOBject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Convert current date/time to UTC.
dtmCritical = DateAdd("n", lngBias, Now())
' Convert to seconds since 1/1/1601
lngSeconds = DateDiff("s", #1/1/1601#, dtmCritical)
' Convert to 100-nanosecond intervals
str64Bit = CStr(lngSeconds) & "0000000"
' Filter to retrieve all user objects with accounts that will expire in the future.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(accountExpires>=" & str64Bit & ")(!accountExpires=9223372036854775807))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";distinguishedName,accountExpires;subtree"
' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 200
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
' Enumerate the recordset.
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("distinguishedName").Value
lngDate = adoRecordset.Fields("accountExpires")
Set objDate = lngDate
dtmAcctExp = Integer8Date(objDate, lngBias)
Wscript.Echo strDN & ";" & dtmAcctExp
adoRecordset.MoveNext
Loop
adoRecordset.Close
' Clean up.
adoConnection.Close
Function Integer8Date(ByVal objDate, ByVal lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
Dim lngAdjust, lngDate, lngHigh, lngLow
lngAdjust = lngBias
lngHigh = objDate.HighPart
lngLow = objdate.LowPart
' Account for bug in IADslargeInteger property methods.
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
lngAdjust = 0
End If
lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow) / 600000000 - lngAdjust) / 1440
Integer8Date = CDate(lngDate)
End Function
-----
The full explanation for the accountExpires attribute (including that ridiculus large number) was linked above, but I repeat it here:
http://www.rlmueller.net/AccountExpires.htm
An explanation of using LDAP syntax filters is linked here:
And similar information for using ADO in VBScript to query Active Directory is here:
http://www.rlmueller.net/ADOSearchTips.htm
Richard Mueller - MVP Directory Services
- Propus ca răspuns de Rick TanModerator 21 martie 2012 07:55
-
21 martie 2012 12:13
Thanks Richards...........
It is providing me the account expiration list of all users...............
But if i want to modify some thing in this like display name, samaccountname instead of distinguishedName how can and onwhich line i need to add paramenter or you can add it for me??
Also, it can be better for me if i get only next 60 days or next 90 days account expiry list so that i can provide helpdesk team timely.......... if it can be possible to export list of account expiry list of next 60 days from AD in the above mentioned VB list, that can be really helpful to me...........
Thanks in Advance............
-
21 martie 2012 14:36
This version uses ADO to query for users where the accountExpires attribute corresponds to dates between today and 60 days in the future. I also added the sAMAccountName attribute to the comma delimited list of attribute values to be retrieved. You could add others as well (including displayName). In the loop where the recordset is enumerated I added code to retrieve and display sAMAccountName:
Option Explicit
Dim adoConnection, adoCommand
Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
Dim strDN, objShell, lngBiasKey, lngBias
Dim lngDate, objDate, dtmAcctExp, k, strName
Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2
' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If
' Use ADO to search the domain.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOOBject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' Convert current date/time to UTC.
dtmCritical1 = DateAdd("n", lngBias, Now())
' Convert to seconds since 1/1/1601.
lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)
' Convert to 100-nanosecond intervals.
str64Bit1 = CStr(lngSeconds1) & "0000000"
' Determine critical date 60 days in future.
dtmCritical2 = DateAdd("d", 60, Now())
' Convert to UTC.
dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)
' Convert to seconds since 1/1/1601
lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)
' Convert to 100-nanosecond intervals
str64Bit2 = CStr(lngSeconds2) & "0000000"
' Filter to retrieve all user objects with accounts that will expire
' within the specified number of days in the future.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";distinguishedName,accountExpires,sAMAccountName;subtree"
' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 200
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
' Enumerate the recordset.
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("distinguishedName").Value
strName = adoRecordset.Fields("sAMAccountName").Value
lngDate = adoRecordset.Fields("accountExpires")
Set objDate = lngDate
dtmAcctExp = Integer8Date(objDate, lngBias)
Wscript.Echo strName & ";" & dtmAcctExp
adoRecordset.MoveNext
Loop
adoRecordset.Close
' Clean up.
adoConnection.Close
Function Integer8Date(ByVal objDate, ByVal lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
Dim lngAdjust, lngDate, lngHigh, lngLow
lngAdjust = lngBias
lngHigh = objDate.HighPart
lngLow = objdate.LowPart
' Account for bug in IADslargeInteger property methods.
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
lngAdjust = 0
End If
lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow) / 600000000 - lngAdjust) / 1440
Integer8Date = CDate(lngDate)
End Function
-----
Richard Mueller - MVP Directory Services
- Marcat ca răspuns de Gautam Ji 22 martie 2012 09:32
- Editat de Richard MuellerMVP 22 martie 2012 12:56 typo
-
22 martie 2012 12:24
HI......... while running afermentioned script getting below error..
C:\>cscript C:\Users\a-gchand\Desktop\60days.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.C:\Users\a-gchand\Desktop\60days.vbs(46, 1) Microsoft VBScript runtime error: Va
riable is undefined: 'lngTZBias'
C:\> -
22 martie 2012 12:58
Sorry, my typo. Change lngTZBias to lngBias. The statement should be:
' Convert to UTC. dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)I corrected the code snippet I posted earlier.
Richard Mueller - MVP Directory Services
- Marcat ca răspuns de Gautam Ji 22 martie 2012 13:09
-
22 martie 2012 14:48
Hi Getting below error while adding Display name in the script.
C:\>cscript C:\Users\a-gchand\Desktop\60days.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.C:\Users\a-gchand\Desktop\60days.vbs(67, 1) Provider: Unspecified error
==================================
Added script below
===========================
Option Explicit
Dim adoConnection, adoCommand
Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
Dim strDN, objShell, lngBiasKey, lngBias
Dim lngDate, objDate, dtmAcctExp, k, strName
Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If' Use ADO to search the domain.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOOBject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")' Convert current date/time to UTC.
dtmCritical1 = DateAdd("n", lngBias, Now())' Convert to seconds since 1/1/1601.
lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)' Convert to 100-nanosecond intervals.
str64Bit1 = CStr(lngSeconds1) & "0000000"' Determine critical date 60 days in future.
dtmCritical2 = DateAdd("d", 60, Now())' Convert to UTC.
dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)' Convert to seconds since 1/1/1601
lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)' Convert to 100-nanosecond intervals
str64Bit2 = CStr(lngSeconds2) & "0000000"' Filter to retrieve all user objects with accounts that will expire
' within the specified number of days in the future.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";distinguishedName,accountExpires,sAMAccountName,Display Name;subtree"' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 200
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute' Enumerate the recordset.
Do Until adoRecordset.EOF
strDN = adoRecordset.Fields("distinguishedName").Value
strName = adoRecordset.Fields("sAMAccountName").Value
strName = adoRecordset.Fields("Display Name").Value
lngDate = adoRecordset.Fields("accountExpires")
Set objDate = lngDate
dtmAcctExp = Integer8Date(objDate, lngBias)
Wscript.Echo strName & ";" & dtmAcctExp
adoRecordset.MoveNext
Loop
adoRecordset.Close' Clean up.
adoConnection.CloseFunction Integer8Date(ByVal objDate, ByVal lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
Dim lngAdjust, lngDate, lngHigh, lngLow
lngAdjust = lngBias
lngHigh = objDate.HighPart
lngLow = objdate.LowPart
' Account for bug in IADslargeInteger property methods.
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
lngAdjust = 0
End If
lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow) / 600000000 - lngAdjust) / 1440
Integer8Date = CDate(lngDate)
End Function -
22 martie 2012 17:01
The displayName attribute does not have a space. Replace "Display Name" with "displayName" in the two lines (the comma delimited list of attributes and where the value is retrieved from the adoRecordset.Fields collection in the loop).
Richard Mueller - MVP Directory Services
-
23 martie 2012 11:13
Hi.......... I got the script and thanks for your help once again.............
I have modify and added it for givenname,sn,sAMAccountName,expiry date,mail,title, department,manage for these attribute property.......... Now i have one little query that i need the user account status details whether it is enable or disable.... can u make it and help me on this point??
Please find the below modify script that is working fine to me........
=============
Option Explicit
Dim adoConnection, adoCommand
Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
Dim strDN, objShell, lngBiasKey, lngBias, strDisplay
Dim strfn, strln,strmail,strtitle,strdept,strmngr
Dim lngDate, objDate, dtmAcctExp, k, strName
Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2' Obtain local time zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
& "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
lngBias = 0
For k = 0 To UBound(lngBiasKey)
lngBias = lngBias + (lngBiasKey(k) * 256^k)
Next
End If' Use ADO to search the domain.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOOBject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")' Convert current date/time to UTC.
dtmCritical1 = DateAdd("n", lngBias, Now())' Convert to seconds since 1/1/1601.
lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)' Convert to 100-nanosecond intervals.
str64Bit1 = CStr(lngSeconds1) & "0000000"' Determine critical date 60 days in future.
dtmCritical2 = DateAdd("d", 60, Now())' Convert to UTC.
dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)' Convert to seconds since 1/1/1601
lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)' Convert to 100-nanosecond intervals
str64Bit2 = CStr(lngSeconds2) & "0000000"' Filter to retrieve all user objects with accounts that will expire
' within the specified number of days in the future.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";givenname,sn,mail,title,department,manager,accountExpires,sAMAccountName,displayName;subtree"' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 200
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute' Enumerate the recordset.
Do Until adoRecordset.EOF
'strDN = adoRecordset.Fields("distinguishedName").Value
strName = adoRecordset.Fields("sAMAccountName").Value
strDisplay = adoRecordset.Fields("displayName").Value
strfn = adoRecordset.Fields("givenname").Value
strln = adoRecordset.Fields("sn").Value
strmail = adoRecordset.Fields("mail").Value
strtitle = adoRecordset.Fields("title").Value
strdept = adoRecordset.Fields("department").Value
strmngr = adoRecordset.Fields("manager").Value
lngDate = adoRecordset.Fields("accountExpires")
Set objDate = lngDate
dtmAcctExp = Integer8Date(objDate, lngBias)
Wscript.Echo strfn & vbtab & strln & vbtab & strDisplay & vbtab & strName & vbtab & dtmAcctExp & vbtab & strmail & vbtab & strtitle & vbtab & strdept & vbtab & strmngr
adoRecordset.MoveNext
Loop
adoRecordset.Close' Clean up.
adoConnection.CloseFunction Integer8Date(ByVal objDate, ByVal lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
Dim lngAdjust, lngDate, lngHigh, lngLow
lngAdjust = lngBias
lngHigh = objDate.HighPart
lngLow = objdate.LowPart
' Account for bug in IADslargeInteger property methods.
If (lngLow < 0) Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
lngAdjust = 0
End If
lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
+ lngLow) / 600000000 - lngAdjust) / 1440
Integer8Date = CDate(lngDate)
End Function
-
23 martie 2012 13:25
Whether or not the user account is enabled is determined by one bit in the userAccountControl attribute. You need to retrieve this attribute, then test the appropriate bit. First step is to define the bit mask constant for testing if the account is disabled. I would add this near the beginning of the script, perhaps after the Dim statements:
Const ADS_UF_ACCOUNTDISABLE = &H02
-----
Next, add "userAccountControl" to the comma delimited list of attribute values to retrieve.strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
& ";givenname,sn,mail,title,department,manager,accountExpires,sAMAccountName,displayName,userAccountControl;subtree"
-----
Then in the loop where the recordset is enumerated, add a statement to retrieve the value of userAccountControl and test the approriate bit of the integer value. For example:
If (adoRecordset.Fields("userAccountControl").Value And ADS_UF_ACCOUNTDISABLE) <> 0 Then
strEnabled = "Disabled"
Else
strEnabled = "Enabled"
End If
-----
Next, I've added a new variable. It must be declared in a Dim statement, near the top with the other Dim statements. For example:
Dim strEnabled
-----
Finally, you need to output the value of the new variable, strEnabled. For example:
Wscript.Echo strfn & vbtab & strln & vbtab & strDisplay & vbtab & strName & vbtab _
& dtmAcctExp & vbtab & strmail & vbtab & strtitle & vbtab & strdept & vbtab _
& strmngr & vbtab & strenabled
-----
Richard Mueller - MVP Directory Services
.png)
