List all users with 'Password Never Expires'
Now a days we are working with our new client who need us to implement strong passwords on his sites. Well I can do that I but I was thing it would be great if someone can tell me if there is any easy way to generate a report of all users with 'Password Never Expires' set on their user account. It would be much better if this can be done using a Script.
So is there anyone who can please let me know how can I create a new script which can generate a report including the list of users with 'Password Never Expires. Thanks for your helps.
Re: List all users with 'Password Never Expires'
I think the script you need is very easy and small too.
ADFIND -bit -default -f
"(&(objectCategory=person)(objectClass=user)(userAccountControl:AND:=65536))"
samAccountName
Just try using a freeware tool called "adfind". Just Google it to download.
Re: List all users with 'Password Never Expires'
Hello Tirana. In order to generate a report with values of sAMAccountName and cn attributes of all users with "Password Never Expires" set, just try out the following Script:
Quote:
================
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strCN
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on users with Password Never Expires.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,cn"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strName = adoRecordset.Fields("sAMAccountName").Value
strCN = adoRecordset.Fields("cn").value
Wscript.Echo "NT Name: " & strName & ", Common Name: " & strCN
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
Let me know the results.
Re: List all users with 'Password Never Expires'
Does anyone know a way to get a list of all users in a domain that have no passwords in them
Re: List all users with 'Password Never Expires'
Here is the LDAP filter to retrieve all users with "Password Never Expires" set:
Quote:
"(&(objectCategory=person)(objectClass=user)" _
& "(userAccountControl:1.2.840.113556.1.4.803:=65536))"
Also remember that your users or any particular may also have "password not required" set. The filter for this would be:
Quote:
"(&(objectCategory=person)(objectClass=user)" _
& "(userAccountControl:1.2.840.113556.1.4.803:=32))"
So if you want to combine them, simply apply this:
Quote:
"(&(objectCategory=person)(objectClass=user)" _
& "(|(userAccountControl:1.2.840.113556.1.4.803:=65536)"
& "(userAccountControl:1.2.840.113556.1.4.803:=32)))"
