DSQUERY password never expires

[billybarty]

I have been looking in dsquery commands to try to find how to output a list of accounts that are set to never expire but I can't find the correct command. Is this possible with dsquery and if so what is the command?

 

[markdmac]

Here is the code you need to check if a password is set to expire. All you need to do is alter this to loop through each of your users and record the results.

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objUser = GetObject("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com")
intUserAccountControl = objUser.Get("userAccountControl")

If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
    WScript.Echo "The password does not expire."
    WScript.Quit
Else
    WScript.Echo "The password expires."
End If

I hope you find this post helpful.

Regards,

Mark

 

[billybarty]

Thanks for the quick response. Do I just change the LDAP path to reflect my domain and it will go through the users? And do I save it as a vbs script and execute it on the DC? Thanks for the help.

 

[markdmac]

You almost have it. Yes you need to change the LDAP Path, but as you can see from the example it binds to a specific user. So you need to "make this script Enterprise Ready."

I'll be happy to assist you with this effort, however I will first give you a homework assignment and refer you to my FAQ on the subject. faq329-4871 This FAQ should help you understand the kind of changes you will need to make.

I hope you find this post helpful.

Regards,

Mark