Password last set

Posted: Monday, May 21, 2012 11:45:06 PM(UTC)
Scott M (Member, Original Poster, Posts: 8)
Looking for help with a custom action that tells me when the user last set their password or how close they are to expiring. How cool would that be?

Scott
#1 dteague Member Posts: 79
posted: 5/22/2012 10:34:23 PM(UTC)
If you search, you should find this code on here already, and you put it under User Actions as... {actionpath}acctstat.vbs "{cn}"

Code:
If WScript.Arguments.Count = 1 Then
    ' The single argument is appended to "LDAP://" to bind to the user object
    struser = WScript.Arguments(0)
    Set objUser = GetObject("LDAP://" & struser)
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
    Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
    Set objSD = objUser.Get("nTSecurityDescriptor")
    Set objDACL = objSD.DiscretionaryAcl
    Set objUserLDAP = GetObject("LDAP://" & struser)
    intCurrentValue = objUserLDAP.Get("userAccountControl")
    strSAMAccountName = objUser.Get("sAMAccountName")
    strCN = objUser.Get("cn")
    Set objNet = CreateObject("WScript.NetWork")
    dtmValue = objUserLDAP.PasswordLastChanged
    ' Whole days since the password was last changed
    intTimeInterval = int(now - dtmValue)
    ' Domain password policy; the WinNT provider returns seconds, converted here to days
    Set objDomainNT = GetObject("WinNT://" & objNet.UserDomain)
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")/86400
    intMinPwdAge = objDomainNT.Get("MinPasswordAge")/86400

    ' blnEnabled becomes True when a deny ACE on the Change Password right exists
    For Each Ace In objDACL
        If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
            (LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
            blnEnabled = True
        End If
    Next

    'Clear strMsg

    strMsg = ""

    'Account Disabled?

    If objuser.AccountDisabled = True Then
        MsgBox "This account is Disabled.",0,strCN & " (" & strSAMAccountName & ")"
    Else

        'Account Locked?

        If objuser.IsAccountLocked = True Then
            strMsg = strMsg & "This account is Enabled but Locked." & VbCrLf & VbCrLf
        Else
            strMsg = strMsg & "This account is Enabled and Not Locked." & VbCrLf & VbCrLf
        End If

        'Password Expires?

        If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
            strMsg = strMsg & "The Password Never Expires for this account due to account settings." & VbCrLf & _
                " Password Changed: " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & VbCrLf
        Else

            If intMaxPwdAge < 0 Then
                strMsg = strMsg & "The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire." & VbCrLf & VbCrLf
            Else

                'Password Expired already?

                If intTimeInterval >= intMaxPwdAge Then
                    strMsg = strMsg & "The password has Expired." & VbCrLf & _
                        " Password Changed: " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
                        " Password Expires: " & DateValue(dtmValue + intMaxPwdAge) & VBTab & int(now - (dtmValue + intMaxPwdAge)) & " days ago" & VbCrLf & _
                        " (Maximum password age: " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
                Else
                    strMsg = strMsg & "The password has Not Expired." & VbCrLf & _
                        " Password Changed: " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
                        " Password Expires: " & DateValue(dtmValue + intMaxPwdAge) & VBTab & int((dtmValue + intMaxPwdAge) - now + 1) & " days from today" & VbCrLf & _
                        " (Maximum password age: " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
                End If
            End If
        End If

        'User can Change the Password?

        If blnEnabled Then
            strMsg = strMsg & strCN & " cannot change the password due to account settings."
        Else
            If intTimeInterval >= intMinPwdAge Then
                strMsg = strMsg & strCN & " can change the password."
            Else
                strMsg = strMsg & strCN & " can change the password after " & DateValue(dtmValue) + intMinPwdAge & "." & VbCrLf & _
                    " (Minimum password age: "& intMinPwdAge & " days)"
            End If
        End If

        'Display the Info

        MsgBox strMsg,0,strCN & " (" & strSAMAccountName & ")"

    End If

Else
    ' Wrong number of arguments
    WScript.Echo "Error"

End If

' Release object references
Set objNet = Nothing
Set objUser = Nothing
Set objSD = Nothing
Set objDACL = Nothing
Set objUserLDAP = Nothing
Set objDomainNT = Nothing
dteague attached the following image(s):
CHQAUDT078-02.gif
#2 chads Member Posts: 89
posted: 7/2/2012 5:11:10 PM(UTC)
Always enjoy finding these. Such a cool action. Now only if, instead of popping out a window separate from the Lansweeper webpage, embedding the window result below the user would be awesome. But that would require a ton of work.
#3 Technut27 Member Posts: 79
posted: 12/18/2014 9:34:26 PM(UTC)
I came across this a long time ago and finally had a need to do something like this. It sort of works for me: if I use it on my own user page, it returns the information perfectly, like in the screenshot. But if I try it on another user, it returns an error.

Error: The directory property cannot be found in the cache.
Code: 8000500D
Source: Active Directory

Maybe a permissions issue because my user account I'm logged into my workstation is not a domain admin account and can't fully read AD?
#4 dteague Member Posts: 79
posted: 12/19/2014 6:54:03 PM(UTC)
It must be how access is in AD.

I am a "normal" user (no extra rights), and can pull all the info from AD as me.
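
An added diagnostic, not part of the thread's script: it binds to the same "LDAP://" path and reports, for each attribute the posted script reads, whether the call returns 0x8000500D (the error quoted above) or succeeds, then decodes pwdLastSet directly. The file name pwdattrs.vbs is a placeholder; run it with cscript under the same account that runs the custom action.

```vbscript
' Added example, not from the thread. Run: cscript //nologo pwdattrs.vbs "<user DN>"
Option Explicit
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D   ' "property cannot be found in the cache"

Function ReadError(objADs, strAttr)
    ' GetEx returns an array for every attribute type, so no Set is needed here.
    Dim varTmp
    On Error Resume Next
    Err.Clear
    varTmp = objADs.GetEx(strAttr)
    ReadError = Err.Number
End Function

Dim objUser, strAttr, lngErr, objLI, lngHigh, lngLow, dblTicks

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript //nologo pwdattrs.vbs ""<distinguishedName>"""
    WScript.Quit 1
End If

On Error Resume Next
Set objUser = GetObject("LDAP://" & WScript.Arguments(0))
lngErr = Err.Number
On Error GoTo 0
If lngErr <> 0 Then
    WScript.Echo "Bind failed, error 0x" & Hex(lngErr)
    WScript.Quit 1
End If

' The attributes the posted script depends on
For Each strAttr In Array("sAMAccountName", "userAccountControl", "pwdLastSet", "nTSecurityDescriptor")
    lngErr = ReadError(objUser, strAttr)
    If lngErr = 0 Then
        WScript.Echo strAttr & ": readable"
    ElseIf lngErr = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo strAttr & ": not in cache (unset, or not readable by this account)"
    Else
        WScript.Echo strAttr & ": error 0x" & Hex(lngErr)
    End If
Next

If ReadError(objUser, "pwdLastSet") = 0 Then
    Set objLI = objUser.Get("pwdLastSet")     ' 64-bit count of 100 ns ticks since 1601 (UTC)
    lngHigh = objLI.HighPart
    lngLow = objLI.LowPart
    If lngHigh = 0 And lngLow = 0 Then
        WScript.Echo "pwdLastSet = 0: password never set, or must change at next logon"
    Else
        If lngLow < 0 Then lngHigh = lngHigh + 1   ' LowPart is signed; carry into HighPart
        dblTicks = lngHigh * (2 ^ 32) + lngLow
        WScript.Echo "Password last set (UTC): " & (#1/1/1601# + dblTicks / 600000000 / 1440)
    End If
End If
```

Comparing the output for your own account and for another user shows which attribute read differs between the two.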
#5 gbhsmis Member Posts: 1
posted: 11/5/2021 8:59:46 PM(UTC)
I know this is old, but I cannot get this VB script to work.

I am a domain admin.

I think it's the LDP:// formatting or something. I see where it has "LDP://" and I added my domain/LDP server there. Still nothing though. It just spins for a second, after I created the script and put it there, but nothing (even an error) pops up.
