Script for last password change date

I am creating a script to get the date of the last password change date for
each user in Users in abc.corp. I am trying to get the syntax right for the
Get Object for the user. It keeps failing on the Get Object command with the
error 80072030, There is no such object on the server. Icopied the command
out of the script center and it issupposed to work again 2003 AD. The line
is:
Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC-abc,DC=corp")

I used my id, so there should definitely be an object. Any ideas of why it
would fail?
--
Bettie

Sorry there is a typo in my message the line reads:
Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC=abc,DC=corp")

--
Bettie


"Bettie Claxton" wrote:

> I am creating a script to get the date of the last password change date for
> each user in Users in abc.corp. I am trying to get the syntax right for the
> Get Object for the user. It keeps failing on the Get Object command with the
> error 80072030, There is no such object on the server. Icopied the command
> out of the script center and it issupposed to work again 2003 AD. The line
> is:
> Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC-abc,DC=corp")
>
> I used my id, so there should definitely be an object. Any ideas of why it
> would fail?
> --
> Bettie

You have a - in the CN instead of =
old: Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC-abc,DC=corp")
new: Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC=abc,DC=corp")


"Bettie Claxton" wrote:

> I am creating a script to get the date of the last password change date for
> each user in Users in abc.corp. I am trying to get the syntax right for the
> Get Object for the user. It keeps failing on the Get Object command with the
> error 80072030, There is no such object on the server. Icopied the command
> out of the script center and it issupposed to work again 2003 AD. The line
> is:
> Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC-abc,DC=corp")
>
> I used my id, so there should definitely be an object. Any ideas of why it
> would fail?
> --
> Bettie

Bettie,
what is the userid you are using? Does it contain any non-alphanumeric
characters (,=+<>#;\")? If so, you would need to precede them with an escape
character (\)...

hth
Marcin

"Bettie Claxton" <BettieClaxton@discussions.microsoft.com> wrote in message
news:55475DCE-1A19-4A35-82AF-2F5A409CC94E@microsoft.com...
> Sorry there is a typo in my message the line reads:
> Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC=abc,DC=corp")
>
> --
> Bettie
>
>
> "Bettie Claxton" wrote:
>
>> I am creating a script to get the date of the last password change date
>> for
>> each user in Users in abc.corp. I am trying to get the syntax right for
>> the
>> Get Object for the user. It keeps failing on the Get Object command with
>> the
>> error 80072030, There is no such object on the server. Icopied the
>> command
>> out of the script center and it issupposed to work again 2003 AD. The
>> line
>> is:
>> Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC-abc,DC=corp")
>>
>> I used my id, so there should definitely be an object. Any ideas of why
>> it
>> would fail?
>> --
>> Bettie

Bettie Claxton wrote:

>I am creating a script to get the date of the last password change date for
> each user in Users in abc.corp. I am trying to get the syntax right for
> the
> Get Object for the user. It keeps failing on the Get Object command with
> the
> error 80072030, There is no such object on the server. Icopied the
> command
> out of the script center and it issupposed to work again 2003 AD. The
> line
> is:
> Set objUser = GetObject ("LDAP://CN=<userid>,OU=Users,DC-abc,DC=corp")
>
> I used my id, so there should definitely be an object. Any ideas of why
> it
> would fail?

It depends on what you mean by the "userid" of the user. If you mean the
Common Name (the value of the "cn" attribute, and the value displayed in the
field labeled "Name" in ADUC), then it should work if the user object
resides in the OU called "OU=Users". One possible problem is that the
default location for user objects is the container "CN=Users". And, of
course, it should be "DC=abc" instead of "DC-abc", but I assume that's a
typo.

Usually what people refer to as the "userid" is the "pre-Windows 2000 logon"
name of the user. This can be the same as the Common Name, but may not be.
If you start with the "pre-Windows 2000 logon" name, you need to convert it
to the Distinguished Name. Check the properties of the user in ADUC. The
"pre-Windows 2000 logon" name is on the "Account" tab. The Common Name
(value of the "cn" attribute) is in the title of the properties dialog (and
in the column labled "Name" when you view all objects in "OU=Users").

If all users are in "OU=Users" in abc.corp, you can enumerate all users with
code similar to:
=========
' Bind to the OU object with Distinguished Name of OU.
Set objOU = GetObject("LDAP://OU=Users,dc=abc,dc=corp")
' Filter on user objects.
objOU.Filter = Array("user")
' Enumerate all users in the OU.
For Each objUser In objOU
' Code to do something with each user object.
' For example, this displays each users Common Name
' and "pre-Windows 2000 logon" name (also called the NT name).
Wscript.Echo "Common Name: " & objUser.cn & ", NT Name: " &
objUser.sAMAccountName
Next
===========
This is convenient because you don't need to hard code the full
Distinguished Name of each user.

Finally, if it helps, I have an example VBScript program that documents the
last password change date for all users in the domain linked here:

http://www.rlmueller.net/PwdLastChanged.htm

This example uses a technology called ADO to retrieve information on all
users in the domain, including the value of the pwdLastSet attribute. It
uses a function to convert the Integer8 value of pwdLastSet (a 64-bit number
representing a date) into the date/time in the current time zone. The
program also documents if the user password can change.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--