In this domain, in the default domain policy the Max Password Age is set to 90, however when I look for when the password will change using the below sample script
I always get the answer "The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire."
The rest of the possibilities below do work, just the password age doesn't.
This is a Win2K Active Directory
I need to expire all passwords on a specific date, but before I do that I need to ensure the system will continue expiring them by age.
What might I be doing wrong?
Thanks
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Set objUserLDAP = GetObject _
("LDAP://CN=myerken,OU=management,DC=fabrikam,DC=com")
intCurrentValue = objUserLDAP.Get("userAccountControl")
If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
Wscript.Echo "The password does not expire."
Else
dtmValue = objUserLDAP.PasswordLastChanged
Wscript.Echo "The password was last changed on " & _
DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
"The difference between when the password was last set" & _
"and today is " & int(now - dtmValue) & " days"
intTimeInterval = int(now - dtmValue)
Set objDomainNT = GetObject("WinNT://fabrikam")
intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
If intMaxPwdAge < 0 Then
WScript.Echo "The Maximum Password Age is set to 0 in the " & _
"domain. Therefore, the password does not expire."
Else
intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
Wscript.Echo "The maximum password age is " & intMaxPwdAge & " days"
If intTimeInterval >= intMaxPwdAge Then
Wscript.Echo "The password has expired."
Else
Wscript.Echo "The password will expire on " & _
DateValue(dtmValue + intMaxPwdAge) & " (" & _
int((dtmValue + intMaxPwdAge) - now) & " days from today" & _
")."
End If
End If
End If
- [ActiveDir] max password age > where else to look? Douglas W Stelley
- Re: [ActiveDir] max password age > where else to... Al Mulnick
- RE: [ActiveDir] max password age > where else to... neil.ruston
- RE: [ActiveDir] max password age > where els... Gil Kirkpatrick
- RE: [ActiveDir] max password age > where else to... neil.ruston