Password last set

Scott_M · ‎05-22-2012

Looking for help with a custom action that tell me when the user last set their password or how close they are to expiring. How cool would that be?

Scott

pryan67 · ‎10-20-2022

Well, you could always go to a command prompt and type in net user <username> /domain and it will tell you as well.

gbhsmis · ‎11-05-2021

i know this is old. but i cannot get this VB script to work.

I am a domain admin.

I think it's the LDP:// formating or something. I see where it has "LDP://" and I added my domain/LDP server there. Still nothing though. It just spins for a second, after I created the script and put it there, but nothing (even an error) pops up.

dteague · ‎12-19-2014

It must be how access is in AD.

I am a "normal" user (no extra rights), and can pull all the info from AD as me.

Technut27 · ‎12-18-2014

I came across this a long time ago and finally had a need to do something like this. It sort of works for me, if I us it on my own user page it returns the information perfectly like in the screen shot. But if I try it on another user it returns an error.

Error: The directory property cannot be found in the cache.
Code: 8000500D
Source: Active Directory

Maybe a permissions issue because my user account I'm logged into my workstation is not a domain admin account and can't fully read AD?

chads · ‎07-02-2012

Always enjoy finding these. such a cool action. Now only if instead of popping out a window separate from the lansweeper webpage and embedding the window result below the user would be awesome. but that would require a ton of work.

dteague · ‎05-22-2012

If you search, you should find this code on here already, and you put it under User Actions as... {actionpath}acctstat.vbs "{cn}"

If WScript.Arguments.Count = 1 Then
    struser = WScript.Arguments(0)
    Set objUser = GetObject("LDAP://" & struser)
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
    Const CHANGE_PASSWORD_GUID  = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
    Set objSD = objUser.Get("nTSecurityDescriptor")
    Set objDACL = objSD.DiscretionaryAcl
    Set objUserLDAP = GetObject("LDAP://" & struser)
    intCurrentValue = objUserLDAP.Get("userAccountControl")
    strSAMAccountName = objUser.Get("sAMAccountName")
    strCN = objUser.Get("cn")
    Set objNet = CreateObject("WScript.NetWork")
    dtmValue = objUserLDAP.PasswordLastChanged 
    intTimeInterval = int(now - dtmValue)
    Set objDomainNT = GetObject("WinNT://" & objNet.UserDomain)
    intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")/86400
    intMinPwdAge = objDomainNT.Get("MinPasswordAge")/86400
    
    For Each Ace In objDACL
        If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
            (LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
        blnEnabled = True
        End If
    Next


'Clear strMsg

    strMsg = ""


'Account Disabled?

    If objuser.AccountDisabled = True Then
        MsgBox "This account is Disabled.",0,strCN & "  (" & strSAMAccountName & ")"
    Else


'Account Locked?

        If objuser.IsAccountLocked = True Then
            strMsg = strMsg & "This account is Enabled but Locked." & VbCrLf & VbCrLf
        Else
            strMsg = strMsg & "This account is Enabled and Not Locked." & VbCrLf & VbCrLf
        End If


'Password Expires?

        If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
            strMsg = strMsg & "The Password Never Expires for this account due to account settings." & VbCrLf & _
                "   Password Changed:       " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & VbCrLf
        Else

            If intMaxPwdAge < 0 Then
                strMsg = strMsg & "The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire." & VbCrLf & VbCrLf
            Else


'Password Expired already?

                If intTimeInterval >= intMaxPwdAge Then
                strMsg = strMsg & "The password has Expired." & VbCrLf & _
                        "   Password Changed:       " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
                        "   Password Expires:           " & DateValue(dtmValue + intMaxPwdAge) & VBTab & int(now - (dtmValue + intMaxPwdAge)) & " days ago" & VbCrLf &  _
                        "   (Maximum password age:  " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
                    Else
                    strMsg = strMsg & "The password has Not Expired." & VbCrLf & _
                        "   Password Changed:       " & DateValue(dtmValue) & VBTab & int(now - dtmvalue) & " days ago" & VbCrLf & _
                        "   Password Expires:           " & DateValue(dtmValue + intMaxPwdAge) & VBTab & int((dtmValue + intMaxPwdAge) - now + 1) & " days from today" & VbCrLf & _
                        "   (Maximum password age:  " & intMaxPwdAge & " days)" & VbCrLf & VbCrLf
                End If
            End If
        End If


'User can Change the Password?

        If blnEnabled Then
            strMsg = strMsg & strCN & " cannot change the password due to account settings."
        Else
            If intTimeInterval >= intMinPwdAge Then
                strMsg = strMsg & strCN & " can change the password."
            Else
                strMsg = strMsg & strCN & " can change the password after " & DateValue(dtmValue) + intMinPwdAge & "." & VbCrLf & _
                    "   (Minimum password age:  "& intMinPwdAge & " days)"
            End If
        End If

'Display the Info

        MsgBox strMsg,0,strCN & "  (" & strSAMAccountName & ")"

    End If

Else
    WScript.Echo "Error"

End If

Set objNet = Nothing
Set objUser = Nothing
Set objSD = Nothing
Set objDACL = Nothing
Set objUserLDAP = Nothing
Set objDomainNT = Nothing

Password last set

New to Lansweeper?

Try Lansweeper For Free