Password expiry details

[Pete Ch]

Hello,

Is there a utlity or query that can be run in AD 2003 to extract a list of
user password expiry dates?

Thanks alot for any help offered.

Peter.

 

[Richard Mueller [MVP]]

Is there a utlity or query that can be run in AD 2003 to extract a list of
user password expiry dates?

Thanks alot for any help offered.

I have an example VBScript program that retrieves the date/time when each
user in the domain last changed their password linked here:

http://www.rlmueller.net/PwdLastChanged.htm

I believe you can also use Joe Richards' free utilities for this:

http://www.joeware.net/freetools/index.htm

There is not a simple query for this because the attribute (pwdLastSet) is
Integer8 (a 64-bit number representing a date). However, with some
pre-calculations you could query for all users that have not changed their
password since a specified date. The query would be similar to:

(&(objectCategory=person)(objectClass=user)(pwdLastSet<=128304180000000000))

A VBScript program to convert a given date/time to the 64-bit value for the
filter is linked here:

http://www.rlmueller.net/Programs/DateToInteger8.txt

The value 128304180000000000 corresponds to Aug. 1, 2007, in my time zone.

 

[Mark Renoden [MSFT]]

Hi

While it doesn't produce a list, you might find AcctInfo.dll useful as
described in
http://www.microsoft.com/technet/pr...003/technologies/security/bpactlck.mspx#EPIAG

--
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.