Password expiration for a service account - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » Password expiration for a service account

Page 2 of 2

Topic Options

#65849 - 2002-06-04 08:29 PM Re: Password expiration for a service account
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Kent, Not sure what the deal is. If I use only a single name or try to do a split with multiple names, I get an OUT OF BOUNDS ARRAY ERROR when using the LDAP method. If I only change the LDAP call to WinNT then it works fine for either single or split calls. The $expiredatearray is where it gets the error. Not sure if it is because it needs a redim or maybe the full path to the container level is wrong. It appears though that I'm using the correct call because If I change the CN to OU I get a different error that the $pwexpire = $userobj.passwordexpireationdate is an unknown command. But when I put it back to CN I get the Out of Bounds array error. Shawn, Bryce, Bill, Others... Do any of you know why the array error, or how to fix it? Here is the LDAP I'm using, and it appears to be getting there, but the array call gets an error. code: $userobj = GetObject("LDAP://cn=sup-rdl,ou=Users,ou=BusinessUnitLevel,ou=cala,dc=swna,dc=MyCompany,dc=com") [ 04 June 2002, 20:38: Message edited by: NTDOC ]
Top

#65850 - 2002-06-04 10:19 PM Re: Password expiration for a service account
BrianTX BrianTX Korg Regular Registered: 2002-04-01 Posts: 895	It sounds to me like a formatting difference. The date is returned like this from winnt: YYYY/MM/DD HH:MM:SS.hh If it is returned differently from LDAP, then the script would have to be modified to account for that. (Unfortunately, I have no means to test on LDAP.. only have NT servers here.) Brian {edit} P.S.... I totally forgot about the @YDAYNO function which could definitely be substituted for the CalcDayofYear($CurrentDateArray) but unfortunately can't be substituted for the CalcDayofYear($expiredateArray) unless you were to take the risky step of resetting the date to the old date, getting @YDAYNO then going back to the correct date.. (I don't think that's a good idea, but I had a similar idea when working on this.) [ 04 June 2002, 22:57: Message edited by: BrianTX ]
Top

#65851 - 2002-06-05 03:21 AM Re: Password expiration for a service account
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Don't think it is the date/time format. The LDAP call comes back blank for some reason. Not sure why at this time. If you run this code only with WinNT it works fine. If you rem out WinNT and run the LDAP GetObject code the UserPasswordExpires: comes back blank. code: $ldomain = @domain $lstrusername = "NTDOC" ;$userobj = GetObject("LDAP://cn=ntdoc,ou=Users,ou=mybusinessOU,ou=cala,dc=MyCompany,dc=com") $userobj = GetObject("WinNT://$LDomain/$lstrUserName") $pwexpire = $userobj.passwordexpirationdate ?"UserName: " + $userobj.name ?"UserPasswordExpires: " + $pwexpire I will try and locate information from other sources and or posting to NEWS group to see if someone else knows why or what is being done wrong here.
Top

#65852 - 2002-06-10 04:16 PM Re: Password expiration for a service account
BrianTX BrianTX Korg Regular Registered: 2002-04-01 Posts: 895	Have you figured this out, yet, NTDOC? Brian
Top

#65853 - 2002-06-15 08:40 AM Re: Password expiration for a service account
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	* BUMP * Any word on this Doc? Kent _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#65854 - 2002-07-31 08:12 AM Re: Password expiration for a service account
Kdyer Kdyer KiX Supporter Registered: 2001-01-03 Posts: 6241 Loc: Tigard, OR	* BUMP * Doc? _________________________ Utilize these resources: UDFs (Full List) KiXtart FAQ & How to's
Top

#65855 - 2002-07-31 09:51 AM Re: Password expiration for a service account
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Ok... sorry. Been quite busy and forgot about this post. I've learned a little more about AD now, but not sure I'll be able to get it working or not, but I'll give it a try.
Top

#65856 - 2002-08-01 04:01 AM Re: Password expiration for a service account
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	I'm working on it... but dang. Still does not work correctly using pure LDAP/ADSI code so far. The @PWAGE macro of KiXtart works. Can't seem to get the right info for KiXtart though using the LDAP/ADSI method of calls.
Top

#65857 - 2002-08-05 07:40 PM Re: Password expiration for a service account
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	hmmm.... I'm starting to think this is not contained within the username object. Trying different names results in either name not found or not found in AD cache, etc... When I get back to work and get time to check on it, I'll try a different approach, making the call perhaps using the RootDSE method if I can.
Top

#65858 - 2002-08-05 08:18 PM Re: Password expiration for a service account
Chris S. Chris S. MM club member Registered: 2002-03-18 Posts: 2368 Loc: Earth	It (PasswordExpirationDate) is not, in fact, supported by the LDAP provider as referenced by: Provider Support of ADSI Interfaces. It is supported by the WinNT provider, as well as MaxPasswordAge and PasswordAge. What if you used LDAP to grab the container you wanted to query to grab your 'user list' and then used the WinNT provider to determine password age using a method similar to my last post in this thread... get @pwage from user list and send notification e-mail?
Top

#65859 - 2002-08-05 08:46 PM

Re: Password expiration for a service account

Chris S. Offline

MM club member

Registered: 2002-03-18
Posts: 2368
Loc: Earth

Here, I've modified my code and tested it as much as I can without having AD here...

code:

$user = GetObject("LDAP://PDC.DOMAIN.com,ou=Accounts,ou=Users,ou=Service Account Users,ou=SQL Service Accounts,cn=ServiceSql")
;$user=getobject("WinNT://@domain")
$user.filter="User",""
for each $u in $user
	$objUser=getobject("WinNT://@domain/"+$u.name)
	? $objUser.name "	"
	$maxage = $objUser.MaxPasswordAge / (60*60*24)
	$psdage = $objUser.PasswordAge / (60*60*24)
	Select
	Case $maxage < $psdage
		"Password is expired."
	Case $maxage - $psdage < 7
		"Password will expire in 7 days or less."
	Case 1
		"Password age within parameters."
	Endselect
next

Top

#65860 - 2002-08-05 09:22 PM Re: Password expiration for a service account
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	Cool stuff. And (coincidentally) it relates to a question that just came up today. I'd like to create a script (KiXtart or VBS) to "bump" a user's password expiration date up to three days from the current date. We don't have a AD... just NT/2K servers/clients. Ideally, the script would be run (from a batch file) something like this: kix32.exe bump.kix $User=%1 $Days=%2 (second parameter optional) I searched the boards, but haven't come up with a solution yet. Thanks, Mark
Top

#65861 - 2002-08-05 09:53 PM Re: Password expiration for a service account
Chris S. Chris S. MM club member Registered: 2002-03-18 Posts: 2368 Loc: Earth	Interesting question. So far as I can tell, the answer is yes & no. I tried this script as a test... code: $objUser=getobject("WinNT://@domain/testacnt") ? $objUser.name ? $objUser.PasswordExpirationDate $objUser.PasswordExpirationDate = "10/30/1998 10:00:00 AM" $objUser.Setinfo $objUser=getobject("WinNT://@domain/testacnt") ? $objUser.name ? $objUser.PasswordExpirationDate It changed the PasswordExpirationDate well enough, but not to the date I specified. It instead used the Default Schema property for MaxPasswordAge and pushed the expiration date out 90 days.
Top

#65862 - 2002-08-06 02:06 PM Re: Password expiration for a service account
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Thanks for the link Chris. I'll try to do some more testing in the next couple days. Lot of stuff to do besides scripting at work this week.
Top

#65863 - 2002-08-06 02:57 PM Re: Password expiration for a service account
New Mexico Mark New Mexico Mark Hey THIS is FUN Registered: 2002-01-03 Posts: 223 Loc: Columbia, SC	Interesting... It gives me something to play with at any rate. Thanks! Mark
Top

#65864 - 2006-03-03 09:54 AM Re: Password expiration for a service account
Kishe Kishe Lurker Registered: 2006-02-28 Posts: 4	i keep getting array of referense out of bounds
Top

#65865 - 2006-03-03 12:19 PM Re: Password expiration for a service account
Arend_ Arend_ MM club member Registered: 2005-01-17 Posts: 1896 Loc: Hilversum, The Netherlands	Here I was thinking this whole topic was an active one so I put together a script. Nonetheless I'll post it anyway. Code: Function GetPwDaysleft($sDomain,$sUser) Dim $UserObj, $sAge, $sMax, $sTmp $UserObj = GetObject("WinNT://" + $sDomain + "/" + $sUser) $sAge = $UserObj.PasswordAge $sMax = $UserObj.MaxPasswordAge $sTmp = $sMax - $sAge $GetPwDaysleft = $sTmp / (606024) EndFunction ? GetPwDaysleft(@ldomain,@userid)
Top

Page 2 of 2

Previous Topic View All Topics

Index Next Topic

Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org