Re: Another Newbie
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 28 Feb 2007 14:31:54 -0600
"gchalfont@xxxxxxxxxxxxxxxx" <gchalfont@xxxxxxxxxxxxxxxx@discussions.microsoft.com> wrote in message
news:EF11E564-B1B3-4AF6-95C6-E408C2CA2955@xxxxxxxxxxxxxxxx
Hi all.. please bear with me as I'm extremely green when it comes to
scripting. I need a script that will give me a list of all users whose
passwords are set to never expire in Active Directory. I'm in a server 2003
environment. Domain=thomasnelson.com All users are in an OU labeled
UsersOU. Any help would be appreciated. Also, do I run the vbs script from
my local machine, or do I need to do this on the domain controller???

The best way to query users is with ADO. The following filters on users that
have password never expires set. It outputs the NT name and Distinguished
Names of these users. Modify the value assigned to strOU for your OU:
======
Option Explicit
Dim adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, strNTName, strOU
' Specify Distinguished Name of OU.
strOU = "ou=MyOU,dc=MyDomain,dc=com"
' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Specify base of search as the OU.
strBase = "<LDAP://" & strOU & ">"
' Filter on user objects that have password never expires flag set.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,sAMAccountName"
' Query Active Directory and return recordset.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
' Enumerate the recordset.
Do Until adoRecordset.EOF
    ' Retrieve the attribute values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    strNTName = adoRecordset.Fields("sAMAccountName").Value
    Wscript.Echo strNTName & ", " & strDN
    adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
===========
The script can be run at a command prompt with the cscript host. Assuming
the code is in a file called PWNeverExp.vbs in the current directory, the
output can be redirected to a text file with a command similar to:
cscript //nologo PWNeverExp.vbs > report.txt
The //nologo option suppresses logo info.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
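
How the filter's matching rule 1.2.840.113556.1.4.803 (bitwise AND) picks out the 65536 flag, as an added offline example that is not part of the original post. The function names and sample records are constructed; the disabled-account check and the password age from pwdLastSet go beyond what the posted script reports.

```python
from datetime import datetime, timedelta, timezone

# Matching-rule OIDs as they appear inside an LDAP filter.
BIT_AND = "1.2.840.113556.1.4.803"  # true when ALL bits of the operand are set
BIT_OR = "1.2.840.113556.1.4.804"   # true when ANY bit of the operand is set
# userAccountControl flags used in this audit.
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWD = 0x10000  # 65536, the value in the posted filter
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def bit_match(value, rule, operand):
    """Evaluate (attr:<rule>:=<operand>) against an integer attribute value."""
    if rule == BIT_AND:
        return value & operand == operand
    if rule == BIT_OR:
        return value & operand != 0
    raise ValueError("unsupported matching rule: " + rule)

def filetime_to_datetime(filetime):
    """Convert pwdLastSet (100 ns ticks since 1601-01-01 UTC); 0 means not set."""
    if filetime == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def never_expire_report(records, now):
    """Return (name, enabled, password_age_days) for accounts the filter matches."""
    report = []
    for rec in records:
        uac = rec["userAccountControl"]
        if not bit_match(uac, BIT_AND, DONT_EXPIRE_PASSWD):
            continue  # same test the directory applies for the posted filter
        enabled = not bit_match(uac, BIT_AND, ACCOUNTDISABLE)
        last_set = filetime_to_datetime(rec["pwdLastSet"])
        age = (now - last_set).days if last_set else None
        report.append((rec["sAMAccountName"], enabled, age))
    return report

# Constructed sample records (hypothetical accounts, not real directory data).
SAMPLE = [
    {"sAMAccountName": "svc-backup", "userAccountControl": 66048, "pwdLastSet": 127805472000000000},
    {"sAMAccountName": "jdoe", "userAccountControl": 512, "pwdLastSet": 128120832000000000},
    {"sAMAccountName": "old-admin", "userAccountControl": 66050, "pwdLastSet": 0},
]

if __name__ == "__main__":
    for row in never_expire_report(SAMPLE, datetime(2007, 2, 28, tzinfo=timezone.utc)):
        print(row)
```

Enabled accounts with a never-expiring password and a large password age are the rows to review first.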