Results 1 to 5 of 5

Thread: List all users with 'Password Never Expires'

  1. #1
    Join Date
    Nov 2005
    Posts
    26

    List all users with 'Password Never Expires'

    Now a days we are working with our new client who need us to implement strong passwords on his sites. Well I can do that I but I was thing it would be great if someone can tell me if there is any easy way to generate a report of all users with 'Password Never Expires' set on their user account. It would be much better if this can be done using a Script.

    So is there anyone who can please let me know how can I create a new script which can generate a report including the list of users with 'Password Never Expires. Thanks for your helps.

  2. #2
    Join Date
    Sep 2005
    Posts
    56

    Re: List all users with 'Password Never Expires'

    I think the script you need is very easy and small too.

    ADFIND -bit -default -f
    "(&(objectCategory=person)(objectClass=user)(userAccountControl:AND:=65536))"
    samAccountName

    Just try using a freeware tool called "adfind". Just Google it to download.

  3. #3
    Join Date
    Sep 2004
    Posts
    104

    Re: List all users with 'Password Never Expires'

    Hello Tirana. In order to generate a report with values of sAMAccountName and cn attributes of all users with "Password Never Expires" set, just try out the following Script:

    ================
    Option Explicit

    Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
    Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strCN

    ' Setup ADO objects.

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    ' Search entire Active Directory domain.

    Set objRootDSE = GetObject("LDAP://RootDSE")

    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    strBase = "<LDAP://" & strDNSDomain & ">"

    ' Filter on users with Password Never Expires.
    strFilter = "(&(objectCategory=person)(objectClass=user)" _

    & "(userAccountControl:1.2.840.113556.1.4.803:=65536))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "sAMAccountName,cn"

    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    ' Run the query.
    Set adoRecordset = adoCommand.Execute

    ' Enumerate the resulting recordset.
    Do Until adoRecordset.EOF

    ' Retrieve values and display.
    strName = adoRecordset.Fields("sAMAccountName").Value
    strCN = adoRecordset.Fields("cn").value

    Wscript.Echo "NT Name: " & strName & ", Common Name: " & strCN

    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
    Loop

    ' Clean up.

    adoRecordset.Close
    adoConnection.Close
    Let me know the results.

  4. #4
    Join Date
    Sep 2009
    Posts
    5

    Re: List all users with 'Password Never Expires'

    Does anyone know a way to get a list of all users in a domain that have no passwords in them

  5. #5
    Join Date
    Jul 2004
    Posts
    109

    Re: List all users with 'Password Never Expires'

    Here is the LDAP filter to retrieve all users with "Password Never Expires" set:

    "(&(objectCategory=person)(objectClass=user)" _
    & "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
    Also remember that your users or any particular may also have "password not required" set. The filter for this would be:

    "(&(objectCategory=person)(objectClass=user)" _
    & "(userAccountControl:1.2.840.113556.1.4.803:=32))"
    So if you want to combine them, simply apply this:

    "(&(objectCategory=person)(objectClass=user)" _
    & "(|(userAccountControl:1.2.840.113556.1.4.803:=65536)"
    & "(userAccountControl:1.2.840.113556.1.4.803:=32)))"

Similar Threads

  1. AD inactive users list?
    By Daiwikr in forum Active Directory
    Replies: 3
    Last Post: 30-03-2015, 03:58 PM
  2. Script to list users who Are connected
    By Ron1 in forum Networking & Security
    Replies: 3
    Last Post: 11-09-2009, 02:31 PM
  3. Change password for users with blank password: Error
    By Ihit in forum Active Directory
    Replies: 3
    Last Post: 06-06-2008, 06:21 PM
  4. Help :-( Export list of users
    By PureNectar in forum Active Directory
    Replies: 4
    Last Post: 06-12-2007, 07:00 PM
  5. net user password never expires option
    By network admin in need of help in forum Windows Server Help
    Replies: 5
    Last Post: 24-09-2006, 05:35 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,642,937,004.80171 seconds with 17 queries