none
I need user account expiry details in AD 2003 and 2008 R2. How can i get this?

Răspunsuri

  • This version uses ADO to query for users where the accountExpires attribute corresponds to dates between today and 60 days in the future. I also added the sAMAccountName attribute to the comma delimited list of attribute values to be retrieved. You could add others as well (including displayName). In the loop where the recordset is enumerated I added code to retrieve and display sAMAccountName:

    Option Explicit

    Dim adoConnection, adoCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
    Dim strDN, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmAcctExp, k, strName
    Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2

    ' Obtain local time zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If

    ' Use ADO to search the domain.
    Set adoConnection = CreateObject("ADODB.Connection")
    Set adoCommand = CreateObject("ADODB.Command")
    adoConnection.Provider = "ADsDSOOBject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Convert current date/time to UTC.
    dtmCritical1 = DateAdd("n", lngBias, Now())

    ' Convert to seconds since 1/1/1601.
    lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)

    ' Convert to 100-nanosecond intervals.
    str64Bit1 = CStr(lngSeconds1) & "0000000"

    ' Determine critical date 60 days in future.
    dtmCritical2 = DateAdd("d", 60, Now())

    ' Convert to UTC.
    dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)

    ' Convert to seconds since 1/1/1601
    lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)

    ' Convert to 100-nanosecond intervals
    str64Bit2 = CStr(lngSeconds2) & "0000000"

    ' Filter to retrieve all user objects with accounts that will expire
    ' within the specified number of days in the future.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";distinguishedName,accountExpires,sAMAccountName;subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 200
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the recordset.
    Do Until adoRecordset.EOF
        strDN = adoRecordset.Fields("distinguishedName").Value
        strName = adoRecordset.Fields("sAMAccountName").Value
        lngDate = adoRecordset.Fields("accountExpires")
        Set objDate = lngDate
        dtmAcctExp = Integer8Date(objDate, lngBias)
        Wscript.Echo strName & ";" & dtmAcctExp
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for bug in IADslargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        Integer8Date = CDate(lngDate)
    End Function

    -----



    Richard Mueller - MVP Directory Services


    21 martie 2012 14:36
  • Sorry, my typo. Change lngTZBias to lngBias. The statement should be:

    ' Convert to UTC.
     dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)

    I corrected the code snippet I posted earlier.


    Richard Mueller - MVP Directory Services

    • Marcat ca răspuns de Gautam Ji 22 martie 2012 13:09
    22 martie 2012 12:58

Toate mesajele

  • Try this using Quest AD Commandlets

    Get-QADUser -SizeLimit 0 |Select-Object samaccountname, AccountExpirationStatus


    Shaba

    20 martie 2012 06:49
  • Hello,

    Try these links.

    http://www.scriptlogic.com/smbit/article/track-user-password-expiration-using-active-directory

    http://www.ehloworld.com/318

    Here is one more link from Richard.

    http://www.rlmueller.net/AccountExpires.htm

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    20 martie 2012 06:50
  • Please have a look on this page.

    http://www.scriptlogic.com/smbit/article/track-user-password-expiration-using-active-directory


    Kamal Sharma

    20 martie 2012 06:53
  • And if you don't happen to run the Quest tools, try this:

    Get-ADUser -Filter { AccountExpirationDate -like "*" } -Properties AccountExpirationDate | select Name,AccountExpirationDate | Sort-Object AccountExpirationDate -Descending

    Cheers,
    Lain

    20 martie 2012 06:55
  • Is there any LDAP query where can i got account expiry list of users in AD? instead of above mentioned way?

    20 martie 2012 07:28
  • Follow this,

    http://social.technet.microsoft.com/Forums/en/winservergen/thread/a3156ae6-3362-48e4-a872-286a624e0b1c

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    20 martie 2012 07:37
  • An LDAP query? Yes, that's easy enough:

    (&(objectClass=user)(objectCategory=person)(accountExpires=*)(!accountExpires=0)(!accountExpires=9223372036854775807))

    Keep in mind this will only tell you if the account has an expiry date set or not, not when it's set to expire.

    Of course, this will look a little different depending on where you're using the query, for example just dropping it into ADUC or LDP, or in a script, etc. Nevertheless, that's the query component.

    Cheers,
    Lain

    20 martie 2012 08:01
  • Thanks Lain..

    But i required only when it's set to expire  details .....

    How can i achieve this....?

    20 martie 2012 08:20
  • With only an LDAP query? You can't.

    You'd have to use both the LDAP query and some kind of post-query processing, be that with something like the Powershell commandlet I provided above or with VBScript/JScript (or whatever flavour of script you prefer).

    The reason for this is quite simple: the value of accountExpires is not a date. It is the number of 100 nanosecond intervals that have passed since 1601, as described here.

    Cheers,
    Lain

    20 martie 2012 08:28
  •  hi You can use sc command.

    run- cmd -

    c:\> sc query users  command  with some script (like for for loop command will dive the output )


    Thanks Ajay Singh MCITP Exchange IBM Tivoli, HP DPS,

    • Propus ca răspuns de Ajay.Singh 20 martie 2012 08:51
    20 martie 2012 08:38
  • You can use FindExpAcc tool from the Joe. You will be able to query when it going to expire or expired account.

    http://www.joeware.net/freetools/tools/findexpacc/index.htm


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    20 martie 2012 08:40
  • But I don't want to use any tool as it comes part of non-compliance........

    I am looking only for any script, ldap query....

    20 martie 2012 11:06
  • I don't know how this tool will hurt your environment, since it just read the data from the AD and it perform same task what script will do. 


    Awinish Vishwakarma - MVP-DS

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    20 martie 2012 11:12
  • Your requirement takes me back to the Powershell commandlet I provided earlier. It does not require anything above and beyond what Microsoft already ships with Server 2008 R2 (Server 2003 isn't an option out-of-the-box).

    I'm not quite sure how best to help you. As I said, an LDAP query alone simply won't do what you're after. The Powershell example I provided is effectively just a script, while if you wanted to use the older WScript-type model, then you're going to need to find a helper to handle the Int64 type, as it's not handled natively.

    Outside of that, you're then in the territory of using third-party tools, as already mentioned.

    Cheers,
    Lain

    20 martie 2012 11:30
  • ok fine.......... lain.......

    Can u provide me powershell script where i can run on windows powershell instead of active directory module as i don't have AD module on the server on which helpdesk team will run this powershell script...........

    As i got the below powershell script but thats require AD module and I have to given script to helpdesk team and on the server which helpdesk perform below script don't have AD module powershell......... only have powershell 2.0..........

    Search-ADAccount -AccountExpiring -TimeSpan 31.00:00:00 | Get-ADUser -Properties givenName,sn,userprincipalname, AccountExpirationDate,mail,title,department,manager | Export-Csv C:\result.csv -NoType

    20 martie 2012 11:59
  • Here is a VBScript program I wrote years ago that retrieves information on all users with accounts that have an expiration date. The script documents the user DN and the date the account expires. The script converts the Integer8 value into the corresponding date in the local time zone:

    Option Explicit

    Dim adoConnection, adoCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
    Dim strDN, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmAcctExp, k

    ' Obtain local time zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If

    ' Use ADO to search the domain for all users.
    Set adoConnection = CreateObject("ADODB.Connection")
    Set adoCommand = CreateObject("ADODB.Command")
    adoConnection.Provider = "ADsDSOOBject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Filter to retrieve all user objects with accounts
    ' that expire.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(!accountExpires=0)(!accountExpires=9223372036854775807))"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";distinguishedName,accountExpires;subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the recordset.
    Do Until adoRecordset.EOF
        strDN = adoRecordset.Fields("distinguishedName").Value
        lngDate = adoRecordset.Fields("accountExpires")
        Set objDate = lngDate
        dtmAcctExp = Integer8Date(objDate, lngBias)
        Wscript.Echo strDN & ";" & dtmAcctExp
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for bug in IADslargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        Integer8Date = CDate(lngDate)
    End Function

    -----

    Run the script at a command prompt using the cscript host program. You can redirect the output to a text file. For example, if the script is saved in the file AcctsExpire.vbs, run the script at a command prompt (of any computer joined to the domain) with the following:

    cscript //nologo AcctsExpire.vbs > ExpReport.txt

    This assumes you are in the directory where the file AcctsExpire.vbs is saved. Otherwise you must include the full path to the file. The new file ExpReport.txt is created in the current directory.


    Richard Mueller - MVP Directory Services

    20 martie 2012 12:06
  • First, to answer your question: I can't. If the Helpdesk server is not the 2008 R2 server then I can't offer a Powershell alternative. If it is, then technically the installation base is already there for "installing" the AD Powershell module - someone just needs to actually enable it from the Features section of Server Manager.

    That said, Richard's script best matches your requirements if enabling already availble components is simply not an option.

    Cheers,
    Lain

    20 martie 2012 12:31
  • Ok......... i check and update u............

    Thanks by the way..........

    20 martie 2012 12:36
  • Hi Richards,

    This script is providing me all the account expiry list which has been or going to be expire    .......... but can u modify it only for going to be expire ??????????

    20 martie 2012 14:37
  • Get-QADUser -AccountExpiresAfter 1/1/2012
    Try this powerful one-liner. You need have have quest AD commandlets to get this working.

    Shaba

    20 martie 2012 14:40
  • Of course. We just need to convert the current date/time (in the local time zone) into UTC, then into the corresponding Integer8 value. Then we can filter on users where the accountExpires attribute is greater than this value. The modified VBScript program follows:

    Option Explicit

    Dim adoConnection, adoCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
    Dim strDN, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmAcctExp, k
    Dim dtmCritical, lngSeconds, str64Bit

    ' Obtain local time zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If

    ' Use ADO to search the domain.
    Set adoConnection = CreateObject("ADODB.Connection")
    Set adoCommand = CreateObject("ADODB.Command")
    adoConnection.Provider = "ADsDSOOBject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Convert current date/time to UTC.
    dtmCritical = DateAdd("n", lngBias, Now())

    ' Convert to seconds since 1/1/1601
    lngSeconds = DateDiff("s", #1/1/1601#, dtmCritical)

    ' Convert to 100-nanosecond intervals
    str64Bit = CStr(lngSeconds) & "0000000"

    ' Filter to retrieve all user objects with accounts that will expire in the future.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(accountExpires>=" & str64Bit & ")(!accountExpires=9223372036854775807))"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";distinguishedName,accountExpires;subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 200
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the recordset.
    Do Until adoRecordset.EOF
        strDN = adoRecordset.Fields("distinguishedName").Value
        lngDate = adoRecordset.Fields("accountExpires")
        Set objDate = lngDate
        dtmAcctExp = Integer8Date(objDate, lngBias)
        Wscript.Echo strDN & ";" & dtmAcctExp
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for bug in IADslargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        Integer8Date = CDate(lngDate)
    End Function

    -----

    The full explanation for the accountExpires attribute (including that ridiculus large number) was linked above, but I repeat it here:

    http://www.rlmueller.net/AccountExpires.htm

    An explanation of using LDAP syntax filters is linked here:

    http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters-en-us.aspx

    And similar information for using ADO in VBScript to query Active Directory is here:

    http://www.rlmueller.net/ADOSearchTips.htm


    Richard Mueller - MVP Directory Services

    20 martie 2012 14:54
  • Thanks Richards...........

    It is providing me the account expiration list of all users...............

    But if i want to modify some thing in this like display name, samaccountname instead of distinguishedName  how can and onwhich line i need to add paramenter or you can add it for me??

    Also, it can be better for me if i get only next 60 days or next 90 days account expiry list so that i can provide helpdesk team timely.......... if it can be possible to export list of account expiry list of next 60 days from AD in the above mentioned VB list, that can be really helpful to me...........

    Thanks in Advance............

    21 martie 2012 12:13
  • This version uses ADO to query for users where the accountExpires attribute corresponds to dates between today and 60 days in the future. I also added the sAMAccountName attribute to the comma delimited list of attribute values to be retrieved. You could add others as well (including displayName). In the loop where the recordset is enumerated I added code to retrieve and display sAMAccountName:

    Option Explicit

    Dim adoConnection, adoCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
    Dim strDN, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmAcctExp, k, strName
    Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2

    ' Obtain local time zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If

    ' Use ADO to search the domain.
    Set adoConnection = CreateObject("ADODB.Connection")
    Set adoCommand = CreateObject("ADODB.Command")
    adoConnection.Provider = "ADsDSOOBject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Convert current date/time to UTC.
    dtmCritical1 = DateAdd("n", lngBias, Now())

    ' Convert to seconds since 1/1/1601.
    lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)

    ' Convert to 100-nanosecond intervals.
    str64Bit1 = CStr(lngSeconds1) & "0000000"

    ' Determine critical date 60 days in future.
    dtmCritical2 = DateAdd("d", 60, Now())

    ' Convert to UTC.
    dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)

    ' Convert to seconds since 1/1/1601
    lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)

    ' Convert to 100-nanosecond intervals
    str64Bit2 = CStr(lngSeconds2) & "0000000"

    ' Filter to retrieve all user objects with accounts that will expire
    ' within the specified number of days in the future.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";distinguishedName,accountExpires,sAMAccountName;subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 200
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the recordset.
    Do Until adoRecordset.EOF
        strDN = adoRecordset.Fields("distinguishedName").Value
        strName = adoRecordset.Fields("sAMAccountName").Value
        lngDate = adoRecordset.Fields("accountExpires")
        Set objDate = lngDate
        dtmAcctExp = Integer8Date(objDate, lngBias)
        Wscript.Echo strName & ";" & dtmAcctExp
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for bug in IADslargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        Integer8Date = CDate(lngDate)
    End Function

    -----



    Richard Mueller - MVP Directory Services


    21 martie 2012 14:36
  • HI......... while running afermentioned script getting below error..


    C:\>cscript C:\Users\a-gchand\Desktop\60days.vbs
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    C:\Users\a-gchand\Desktop\60days.vbs(46, 1) Microsoft VBScript runtime error: Va
    riable is undefined: 'lngTZBias'


    C:\>

    22 martie 2012 12:24
  • Sorry, my typo. Change lngTZBias to lngBias. The statement should be:

    ' Convert to UTC.
     dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)

    I corrected the code snippet I posted earlier.


    Richard Mueller - MVP Directory Services

    • Marcat ca răspuns de Gautam Ji 22 martie 2012 13:09
    22 martie 2012 12:58
  • Hi Getting below error while adding Display name in the script.


    C:\>cscript C:\Users\a-gchand\Desktop\60days.vbs
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    C:\Users\a-gchand\Desktop\60days.vbs(67, 1) Provider: Unspecified error

    ==================================

    Added script below

    ===========================

    Option Explicit

    Dim adoConnection, adoCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
    Dim strDN, objShell, lngBiasKey, lngBias
    Dim lngDate, objDate, dtmAcctExp, k, strName
    Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2

    ' Obtain local time zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If

    ' Use ADO to search the domain.
    Set adoConnection = CreateObject("ADODB.Connection")
    Set adoCommand = CreateObject("ADODB.Command")
    adoConnection.Provider = "ADsDSOOBject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Convert current date/time to UTC.
    dtmCritical1 = DateAdd("n", lngBias, Now())

    ' Convert to seconds since 1/1/1601.
    lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)

    ' Convert to 100-nanosecond intervals.
    str64Bit1 = CStr(lngSeconds1) & "0000000"

    ' Determine critical date 60 days in future.
    dtmCritical2 = DateAdd("d", 60, Now())

    ' Convert to UTC.
    dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)

    ' Convert to seconds since 1/1/1601
    lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)

    ' Convert to 100-nanosecond intervals
    str64Bit2 = CStr(lngSeconds2) & "0000000"

    ' Filter to retrieve all user objects with accounts that will expire
    ' within the specified number of days in the future.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";distinguishedName,accountExpires,sAMAccountName,Display Name;subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 200
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the recordset.
    Do Until adoRecordset.EOF
        strDN = adoRecordset.Fields("distinguishedName").Value
        strName = adoRecordset.Fields("sAMAccountName").Value
        strName = adoRecordset.Fields("Display Name").Value
        lngDate = adoRecordset.Fields("accountExpires")
        Set objDate = lngDate
        dtmAcctExp = Integer8Date(objDate, lngBias)
        Wscript.Echo strName & ";" & dtmAcctExp
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for bug in IADslargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        Integer8Date = CDate(lngDate)
    End Function

    22 martie 2012 14:48
  • The displayName attribute does not have a space. Replace "Display Name" with "displayName" in the two lines (the comma delimited list of attributes and where the value is retrieved from the adoRecordset.Fields collection in the loop).


    Richard Mueller - MVP Directory Services

    22 martie 2012 17:01
  • Hi.......... I got the script and thanks for your help once again.............

    I have modify and added it for givenname,sn,sAMAccountName,expiry date,mail,title, department,manage  for these attribute property.......... Now i have one little query that i need the user account status   details whether it is enable or disable.... can u make it and help me on this point??

    Please find the below modify script that is working fine to me........

    =============

    Option Explicit

    Dim adoConnection, adoCommand
    Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset
    Dim strDN, objShell, lngBiasKey, lngBias, strDisplay
    Dim strfn, strln,strmail,strtitle,strdept,strmngr
    Dim lngDate, objDate, dtmAcctExp, k, strName
    Dim dtmCritical1, lngSeconds1, str64Bit1, dtmCritical2, lngSeconds2, str64Bit2

    ' Obtain local time zone bias from machine registry.
    Set objShell = CreateObject("Wscript.Shell")
    lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
        & "TimeZoneInformation\ActiveTimeBias")
    If (UCase(TypeName(lngBiasKey)) = "LONG") Then
        lngBias = lngBiasKey
    ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
        lngBias = 0
        For k = 0 To UBound(lngBiasKey)
            lngBias = lngBias + (lngBiasKey(k) * 256^k)
        Next
    End If

    ' Use ADO to search the domain.
    Set adoConnection = CreateObject("ADODB.Connection")
    Set adoCommand = CreateObject("ADODB.Command")
    adoConnection.Provider = "ADsDSOOBject"
    adoConnection.Open "Active Directory Provider"
    Set adoCommand.ActiveConnection = adoConnection

    ' Determine the DNS domain from the RootDSE object.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

    ' Convert current date/time to UTC.
    dtmCritical1 = DateAdd("n", lngBias, Now())

    ' Convert to seconds since 1/1/1601.
    lngSeconds1 = DateDiff("s", #1/1/1601#, dtmCritical1)

    ' Convert to 100-nanosecond intervals.
    str64Bit1 = CStr(lngSeconds1) & "0000000"

    ' Determine critical date 60 days in future.
    dtmCritical2 = DateAdd("d", 60, Now())

    ' Convert to UTC.
    dtmCritical2 = DateAdd("n", lngBias, dtmCritical2)

    ' Convert to seconds since 1/1/1601
    lngSeconds2 = DateDiff("s", #1/1/1601#, dtmCritical2)

    ' Convert to 100-nanosecond intervals
    str64Bit2 = CStr(lngSeconds2) & "0000000"

    ' Filter to retrieve all user objects with accounts that will expire
    ' within the specified number of days in the future.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _
        & "(accountExpires>=" & str64Bit1 & ")(accountExpires<=" & str64Bit2 & "))"

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";givenname,sn,mail,title,department,manager,accountExpires,sAMAccountName,displayName;subtree"

    ' Run the query.
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 200
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the recordset.
    Do Until adoRecordset.EOF
        'strDN = adoRecordset.Fields("distinguishedName").Value
        strName = adoRecordset.Fields("sAMAccountName").Value
        strDisplay = adoRecordset.Fields("displayName").Value
        strfn = adoRecordset.Fields("givenname").Value
        strln = adoRecordset.Fields("sn").Value
        strmail = adoRecordset.Fields("mail").Value
        strtitle = adoRecordset.Fields("title").Value
        strdept = adoRecordset.Fields("department").Value
        strmngr = adoRecordset.Fields("manager").Value
        lngDate = adoRecordset.Fields("accountExpires")
        Set objDate = lngDate
        dtmAcctExp = Integer8Date(objDate, lngBias)
        Wscript.Echo strfn & vbtab & strln & vbtab & strDisplay & vbtab & strName & vbtab & dtmAcctExp & vbtab & strmail & vbtab & strtitle & vbtab & strdept & vbtab & strmngr
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    ' Clean up.
    adoConnection.Close

    Function Integer8Date(ByVal objDate, ByVal lngBias)
        ' Function to convert Integer8 (64-bit) value to a date, adjusted for
        ' local time zone bias.
        Dim lngAdjust, lngDate, lngHigh, lngLow
        lngAdjust = lngBias
        lngHigh = objDate.HighPart
        lngLow = objdate.LowPart
        ' Account for bug in IADslargeInteger property methods.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            lngAdjust = 0
        End If
        lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
            + lngLow) / 600000000 - lngAdjust) / 1440
        Integer8Date = CDate(lngDate)
    End Function

    23 martie 2012 11:13
  • Whether or not the user account is enabled is determined by one bit in the userAccountControl attribute. You need to retrieve this attribute, then test the appropriate bit. First step is to define the bit mask constant for testing if the account is disabled. I would add this near the beginning of the script, perhaps after the Dim statements:

    Const ADS_UF_ACCOUNTDISABLE = &H02

    -----


    Next, add "userAccountControl" to the comma delimited list of attribute values to retrieve.

    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter _
        & ";givenname,sn,mail,title,department,manager,accountExpires,sAMAccountName,displayName,userAccountControl;subtree"

    -----

    Then in the loop where the recordset is enumerated, add a statement to retrieve the value of userAccountControl and test the approriate bit of the integer value. For example:

        If (adoRecordset.Fields("userAccountControl").Value And ADS_UF_ACCOUNTDISABLE) <> 0 Then
            strEnabled = "Disabled"
        Else
            strEnabled = "Enabled"
        End If

    -----

    Next, I've added a new variable. It must be declared in a Dim statement, near the top with the other Dim statements. For example:

    Dim strEnabled

    -----

    Finally, you need to output the value of the new variable, strEnabled. For example:

    Wscript.Echo strfn & vbtab & strln & vbtab & strDisplay & vbtab & strName & vbtab _
        & dtmAcctExp & vbtab & strmail & vbtab & strtitle & vbtab & strdept & vbtab _
        & strmngr & vbtab & strenabled

    -----



    Richard Mueller - MVP Directory Services

    23 martie 2012 13:25