Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Generate a list users with a password that never expires

Status
Not open for further replies.
fuunstatic

fuunstatic

MIS
Joined
Feb 19, 2002
Messages
363
Location
GB
Can someone tell me how can I generate a list of all users who have a password that never expires, from the Active Directory

I was thinking of CSVDE not sure how the info would be presented? unless there is a better way

The problem with troubleshooting is that sometimes it shoots back
 
Sort by date Sort by votes
You can use this finction in a vbscript:

Code: 
Function SearchPassNeverExpiresUsers()
	' Description:  Searches all users in the domain with "Password Never Expires" set
	' Returns:      an array with all the users
    Dim objRootDSE, objConnection, objCommand, objRecordSet, objUser
    Dim OutPut
    
    Set objRootDSE = GetObject("LDAP://rootDSE")
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "<LDAP://" & objRootDSE.get("defaultNamingContext") & _
    				">;(&(objectCategory=person)(objectClass=user)" & _
					"(userAccountControl:1.2.840.113556.1.4.803:=65536))" & _
					";distinguishedName,sAMAccountName;subtree"
    Set objRecordSet = objCommand.Execute
    ReDim OutPut(0)
    While Not objRecordSet.EOF[COLOR=blue]
' 		On Error Resume next
        Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName") & "")
        'Do a binary comparison to see if account is disabled
        If Not objUser.get("userAccountControl") And 2 Then[/color]
            If OutPut(0) <> "" Then ReDim Preserve OutPut(UBound(OutPut) + 1)
            OutPut(UBound(OutPut)) = objRecordSet.Fields("sAMAccountName")
        [COLOR=blue]End If
' 	    On Error GoTo 0
        Set objUser = Nothing[/color]
        objRecordSet.MoveNext
    Wend
    objConnection.Close
    SearchPassNeverExpiresUsers = OutPut
    Set objRecordSet = Nothing
    Set objCommand = Nothing
    Set objConnection = Nothing
    Set objRootDSE = Nothing
End Function

I also filtered the disabled users.
If you don't want this you outcomment the lines of code in blue..

Hope this is what you want...

--------------------------------------
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs,
and the Universe trying to produce bigger and better idiots.
So far, the Universe is winning.
 
Upvote 0 Downvote
thanks for that, it looks like it should work as it looks similar to other code on the web

on running it I didn't get any output. I was about to investigate further when someone showed me the built in LDAP query feature available in AD Users and comps, used it exported it and it gave me what i wanted

thanks for your time and effort


The problem with troubleshooting is that sometimes it shoots back
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

techbrain1
  • Question Question
Explorer Error the operating system is not compatible with this product
Replies
0
Views
275
techbrain1
techbrain1
ravalos
  • Locked
  • Question Question
Problem with PDFs in IIS
Replies
1
Views
2K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
1K
DrB0b
DrB0b
mangentle
  • Locked
  • Question Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question Question
Hybrid on prem AD with Azure AD
Replies
2
Views
607
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top