How to retrieve a list of user accounts that will expire.

How to retrieve a list of user accounts that will expire.

Post by iMaCutl » Fri, 04 Apr 2003 12:33:33



What I am trying to do is get a list of all of the users in AD that
have accounts that are set to expire on a certain date.  When I look
at the AD properties I see a property called accountExpires and it
seams that if I do a query where accountExpires is not 0 then I ALMOST
get what I want, however there are still users that have some value
set for this property, but there account is marked never to expire
when I look at it through Domain Users and groups.

Is there some special LDAP query or ADSI VBScript I can run to get
only the users that are truly set to Expire at some point?

Any help would be appreciated.

-Roni

 
 
 

How to retrieve a list of user accounts that will expire.

Post by Richard Muelle » Sat, 05 Apr 2003 02:25:25



>What I am trying to do is get a list of all of the users
in AD that
>have accounts that are set to expire on a certain date.  
When I look
>at the AD properties I see a property called

accountExpires and it
Quote:>seams that if I do a query where accountExpires is not 0
then I ALMOST
>get what I want, however there are still users that have
some value
>set for this property, but there account is marked never
to expire
>when I look at it through Domain Users and groups.

>Is there some special LDAP query or ADSI VBScript I can
run to get
>only the users that are truly set to Expire at some point?

>Any help would be appreciated.

>-Roni
>.

Hi,

I find that when the account is set to never expire,
accountExpires is zero, even if the AD Users & Computers
MMC shows a greyed out former expiration date. However,
one way to reset an account so it does not expires is to
set accountExpires to -1.

The accountExpires attribute is a 64-bit number. The only
reliable way to test for zero (or -1) would be to test
both the HighPart and LowPart values (and treat the
attribute as an object):

Set objUser = GetObject
("LDAP://cn=Testuser,ou=Sales,dc=MyDomain,dc=com")
Set objDate = objUser.accountExpires
If (objDate.HighPart = 0) And (objDate.LowPart = 0) Then
  Wscript.Echo "Account never expires"
ElseIf (objDate.HighPart = -1) _
    And (objDate.LowPart = -1) Then
  Wscript.Echo "Account never expires"
Else
  Wscript.Echo "Account expires"
End If

Finally, there is a property method called
AccountExpirationDate. This only gives a value if the
account has an expiration date. Otherwise, it raises an
error:

On Error Resume Next
Err.Clear
dtmDate = objUser.AccountExpirationDate
If Err.Number <> 0 Then
  Err.Clear
  Wscript.Echo "Account never expires"
Else
  Wscript.Echo "Account expires: " & dtmDate
End If
On Error GoTo 0

Richard
http://www.rlmueller.net

 
 
 

1. Account Expire and Password does not expire

Hello,
I am trying to programmatically create a some users whose accounts DO expire
but whose passwords DO NOT expire.

Here is the code:

option explicit
Dim intCustNum, strCustID, objParent, objUser, StrParent, strCN,
strPassword, strUPN, strSAMName, strScriptPath, strProfilePath,
strDescription, strAccountExpireDate
intCustNum = 123
strCustID = "test"

strParent = "OU=" & strCustID & ",OU=clients,DC=domain,DC=com"
strCN = "CN=123test3"
strSAMName = "123test3"

strPassword = "password"
strScriptPath = "000.bat"
strProfilePath = "\\server\mn000testsch\%username%"
strDescription = "Test User"
strAccountExpireDate = Date + 31
Set objParent = GetObject("LDAP://" & strParent)
Set objUser = objParent.Create("user", strCN)

'  Populate user object
objUser.Put "sAMAccountName", strSAMName
objUser.Put "userPrincipalName", strUPN
objUser.Put "ScriptPath", strScriptPath
objUser.Put "ProfilePath", strProfilePath
objUser.Put "description", strDescription
objUser.SetInfo

' Set password on user object
objUser.SetPassword strPassword
objUser.AccountDisabled = False
objUser.SetInfo

This all works fine so far, but I want to set the account expire date this
user and check the password never expires check box.
To set the account expiration date I tried:

'  Populate user object
...
objUser.Put "accountExpires", strAccountExpireDate

But that returns an "unspecified error"

And for the password does not expire checkbox I havn't been able to figure
out what to "put" to set this.

All suggestions graciously accepted....

Thanks,

--

Sam Doyle
remove MY SHOES to reply

2. Sophia Antipolis

3. List all users in a domain and retrieve a user password

4. WTD: Old or broken Psions 3A

5. User level access on Win9x - Cannot retrieve list of users

6. Empirical study of Word/PowerPoint files

7. Win98 can't access NT ws: user account expired???

8. why I got zero from sum fuction

9. Retrieve a list of wildcard account names

10. Can User Account Password be set to expire on a date?

11. How to retrieve old emails if user account was deleted

12. Retrieving USER ACCOUNTS from ACTIVE DIRECTORY Using ASP.Net and Vb.net(Urgent pls help)

13. ADSI IIS, Retrieving the details of the user account executing commands