password policy

  • Thread starter Thread starter Patrick
  • Start date Start date
what is a command line for getting output of password policies on a
w2k server?
Using the Active Directory command line tools, tips 7714, 7330, and 6820 in the
'Tips & Tricks' at http://www.jsiinc.com

set qry=dsquery * domainroot -filter
"(&(objectClass=domainDNS)(distinguishedName=DC=JSIINC,DC=COM))" -attr
minPwdLength pwdProperties pwdHistoryLength maxPwdAge minPwdAge -limit 0
REM The above is 1 line - replace with your domain
for /f "Skip=1 Tokens=1-5" %%a in ('%qry%') do (
set minPwdLength=%%a
set pwdProperties=%%b
set pwdHistoryLength=%%c
set maxPwdAge=%%d
set minPwdAge=%%e
)


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 
thanks Jerold,
is dsquery a w3K tool? I will not have access to that, these are w2k
servers I have to ck. I thought there was a net commad that gave me
the output of what the settings are. I don't need to change them just
view them, thanks
 
Patrick said:
thanks Jerold,
is dsquery a w3K tool? I will not have access to that, these are w2k
servers I have to ck. I thought there was a net commad that gave me
the output of what the settings are. I don't need to change them just
view them, thanks
Hi

The tool comes with Windows XP and Windows Server 2003.

From
http://www.jsiinc.com/subo/tip7300/rh7330.htm

<quote>
For instance, from your Windows XP desktop, you can query your
Windows 2000 SP3+ domain, or Windows Server 2003 domain
</quote>
 
Patrick said:
what is a command line for getting output of password policies
on a w2k server?
Hi

Below is a modified VBScript from the original by Richard Mueller in
this post (I have added a couple of properties):

http://groups.google.com/groups?selm=u4#[email protected]

Run the script in a command prompt with cscript.exe, e.g. like this:

C:\>cscript.exe "C:\Scripts\PwdPolicies.vbs"


'--------------------8<----------------------

Option Explicit
Dim objRootDSE, strDNSDomain, objDomain
Dim objMinPWAge, lngMinPWAge
Dim objDuration, lngDuration
Dim objLockoutWin, lngLockoutWin
Dim objMaxPWAge, lngMaxPwdAge

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)

Wscript.Echo "Domain policy values"

Set objMaxPWAge = objDomain.maxPwdAge
lngMaxPwdAge = Int8ToSec(objMaxPWAge) / (24 * 60 * 60)
Wscript.Echo "Maximum password age in days: " & lngMaxPwdAge


Set objMinPWAge = objDomain.minPwdAge
lngMinPWAge = Int8ToSec(objMinPWAge) / (24 * 60 * 60)
Wscript.Echo "Minimum password age in days: " & lngMinPWAge

Wscript.Echo "Minimum password length: " & objDomain.minPwdLength

Wscript.Echo "Password history length: " & objDomain.pwdHistoryLength

Set objDuration = objDomain.lockoutDuration
lngDuration = Int8ToSec(objDuration) / (60)
Wscript.Echo "Lockout duration in minutes: " & lngDuration

Set objLockoutWin = objDomain.lockoutObservationWindow
lngLockoutWin = Int8ToSec(objLockoutWin) / (60)
Wscript.Echo "Lockout window in minutes: " & lngLockoutWin

Wscript.Echo "Lockout threshold: " & objDomain.lockoutThreshold

Function Int8ToSec(objInt8)
' Function to convert Integer8 attributes from
' 64-bit numbers to seconds.
Dim lngHigh, lngLow
lngHigh = objInt8.HighPart
' Account for error in IADsLargeInteger property methods.
lngLow = objInt8.LowPart
If lngLow < 0 Then
lngHigh = lngHigh + 1
End If
Int8ToSec = -(lngHigh * (2^32) + lngLow) / (10000000)
End Function
'--------------------8<----------------------
 
thanks for the response

Hi

Below is a modified VBScript from the original by Richard Mueller in
this post (I have added a couple of properties):

http://groups.google.com/groups?selm=u4#[email protected]

Run the script in a command prompt with cscript.exe, e.g. like this:

C:\>cscript.exe "C:\Scripts\PwdPolicies.vbs"


'--------------------8<----------------------

Option Explicit
Dim objRootDSE, strDNSDomain, objDomain
Dim objMinPWAge, lngMinPWAge
Dim objDuration, lngDuration
Dim objLockoutWin, lngLockoutWin
Dim objMaxPWAge, lngMaxPwdAge

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNSDomain)

Wscript.Echo "Domain policy values"

Set objMaxPWAge = objDomain.maxPwdAge
lngMaxPwdAge = Int8ToSec(objMaxPWAge) / (24 * 60 * 60)
Wscript.Echo "Maximum password age in days: " & lngMaxPwdAge


Set objMinPWAge = objDomain.minPwdAge
lngMinPWAge = Int8ToSec(objMinPWAge) / (24 * 60 * 60)
Wscript.Echo "Minimum password age in days: " & lngMinPWAge

Wscript.Echo "Minimum password length: " & objDomain.minPwdLength

Wscript.Echo "Password history length: " & objDomain.pwdHistoryLength

Set objDuration = objDomain.lockoutDuration
lngDuration = Int8ToSec(objDuration) / (60)
Wscript.Echo "Lockout duration in minutes: " & lngDuration

Set objLockoutWin = objDomain.lockoutObservationWindow
lngLockoutWin = Int8ToSec(objLockoutWin) / (60)
Wscript.Echo "Lockout window in minutes: " & lngLockoutWin

Wscript.Echo "Lockout threshold: " & objDomain.lockoutThreshold

Function Int8ToSec(objInt8)
' Function to convert Integer8 attributes from
' 64-bit numbers to seconds.
Dim lngHigh, lngLow
lngHigh = objInt8.HighPart
' Account for error in IADsLargeInteger property methods.
lngLow = objInt8.LowPart
If lngLow < 0 Then
lngHigh = lngHigh + 1
End If
Int8ToSec = -(lngHigh * (2^32) + lngLow) / (10000000)
End Function
'--------------------8<----------------------
 
Back
Top