
Password Expiry Notification SCRIPT to users


  • Password Expiry Notification SCRIPT to users

    Hi All,

    I'm new to this forum. I have a VBScript that triggers a mail to users asking them to change their password before it expires. The script works fine under a normal OU structure, but it does not read any users under sub-OUs. Below is the script.

    **START of SCRIPT**
    Code:
     
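    'Option Explicit
    ' NOTE(review): Option Explicit stays disabled because the script uses
    ' undeclared variables (t1, objFSO1, objFile1, expdate). Declare them
    ' before turning it on.
    '
    ' Main flow: read the domain naming context, open the log file, work out
    ' the domain maximum password age and, when passwords do expire, hand
    ' CN=Users and every OU directly under the domain root to ProcessFolder.

    ' Per environment constants - you should change these!
    Const HOSTING_OU = "stg" ' only tested for being non-empty below; set your OU if required
    ' NOTE(review): 172.10.0.1 lies outside the RFC 1918 private range
    ' 172.16.0.0/12 - confirm this really is the internal mail relay, because
    ' the reminders carry user names and are sent without authentication.
    Const SMTP_SERVER = "172.10.0.1"
    ' The sender address was masked by the forum; put a real mailbox here.
    Const STRFROM = "[email protected]"
    Const DAYS_FOR_EMAIL = 45
    ' System Constants - do not change
    Const ONE_HUNDRED_NANOSECOND = .000000100 ' .000000100 is equal to 10^-7
    Const SECONDS_IN_DAY = 86400
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
    ' Change to "True" for extensive debugging output
    Const bDebug = true
    Dim objRoot
    Dim numDays, iResult
    Dim strDomainDN
    Dim objContainer, objSub

    ' The ADSI provider name is case-sensitive, so the moniker must be
    ' written "LDAP://" (the original "ldap://" is rejected by ADSI).
    Set objRoot = GetObject ("LDAP://RootDSE")
    strDomainDN = objRoot.Get ("defaultNamingContext")
    Set objRoot = Nothing
    wscript.echo "HI to know" & strdomainDN

    ' The second argument of CreateTextFile is the overwrite flag; the
    ' original passed 8, which is treated as True, so the log is recreated on
    ' every run. The log records user names, mail addresses and password age,
    ' so keep c:\script readable and writable by administrators only.
    set objFSO1 = CreateObject("Scripting.FileSystemObject")
    set ObjFile1 = objFSO1.CreateTextFile("c:\script\pwdexp.txt", True)

    numdays = GetMaximumPasswordAge (strDomainDN)
    t1 = "Maximum Password Age: " & numDays
    dp t1
    If numDays > 0 Then
        ' Built-in Users container first.
        Set objContainer = GetObject ("LDAP://CN=Users," & strDomainDN)
        Call ProcessFolder (objContainer, numDays)
        Set objContainer = Nothing
        If Len (HOSTING_OU) > 0 Then
            ' Then every organizational unit directly below the domain root.
            Set objContainer = GetObject ("LDAP://" & strDomainDN)
            objcontainer.filter = Array("organizationalunit")
            For each objSub in objContainer
                wscript.echo objsub
                wscript.echo objcontainer
                Call ProcessFolder (objsub, numDays)
            Next
            Set objContainer = Nothing
        End If
    End If
    WScript.Echo "Done"
    objFile1.writeline now
    objFile1.writeline "Done" 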
    ' Returns the domain maximum password age in whole days, or 0 when the
    ' domain value is zero (passwords do not expire).
    '   strDomainDN - distinguished name of the domain to bind to.
    ' NOTE(review): only the domain-wide maxPwdAge is read here; accounts
    ' covered by a fine-grained password policy may have a different maximum
    ' age - confirm whether any exist before relying on the result.
    Function GetMaximumPasswordAge (ByVal strDomainDN)
        Dim objDomain, objMaxPwdAge
        Dim dblTicks, dblSeconds, dblDays
        Set objDomain = GetObject("LDAP://" & strDomainDN)
        Set objMaxPwdAge = objDomain.maxPwdAge
        ' Both halves zero: no maximum age is configured, nothing to log.
        If objMaxPwdAge.LowPart = 0 And objMaxPwdAge.HighPart = 0 Then
            GetMaximumPasswordAge = 0
            Exit Function
        End If
        ' Rebuild the 64-bit interval from its two halves, drop the sign,
        ' then convert 100-nanosecond units to seconds and seconds to days.
        dblTicks = Abs (objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
        dblSeconds = dblTicks * ONE_HUNDRED_NANOSECOND
        dblDays = Int (dblSeconds / SECONDS_IN_DAY)
        objFile1.writeline "Maximum password age :" & dblDays
        GetMaximumPasswordAge = dblDays
    End Function
    ' Decides whether a user should receive a password reminder mail.
    '   objUser       - ADSI user object to inspect.
    '   iMaxAge       - maximum password age in days.
    '   iDaysForEmail - remind when this many days or fewer remain.
    '   iRes          - set to the days remaining (0 when the password was
    '                   never set or has already expired). The parameter has
    '                   no ByVal, so the caller sees the assignment.
    ' Returns True when the password was never set, has expired, or expires
    ' within iDaysForEmail days; False otherwise, including accounts flagged
    ' with ADS_UF_DONT_EXPIRE_PASSWD. Every decision is logged through dp.
    Function UserIsExpired (objUser, iMaxAge, iDaysForEmail, iRes)
    Dim intUserAccountControl, dtmValue, intTimeInterval
    Dim strName
    ' NOTE(review): error suppression stays on for the whole function, and
    ' Err.Number is only inspected once, after PasswordLastChanged is read.
    ' A failure anywhere else is skipped silently - confirm that is intended.
    On Error Resume Next
    Err.Clear
    ' Drop the first three characters of the name (presumably the "CN=" prefix).
    strName = Mid (objUser.Name, 4)
    intUserAccountControl = objUser.Get ("userAccountControl")
    If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
    t1= "The password for " & strName & " does not expire."
    dp t1
    UserIsExpired = False
    Else
    iRes = 0
    dtmValue = objUser.PasswordLastChanged
    ' A missing property is treated as "password never set".
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    UserIsExpired = True
    t1= "The password for " & strName & " has never been set."
    dp t1
    Else
    ' Whole days elapsed since the password was last changed.
    intTimeInterval = Int (Now - dtmValue)
    t1 ="The password for " & strName & " was last set on " & DateValue(dtmValue) & " at " & TimeValue(dtmValue) & " (" & intTimeInterval & " days ago)" 
    dp t1
    If intTimeInterval >= iMaxAge Then
    t1 ="The password for " & strName & " has expired."
    dp t1
    UserIsExpired = True
    Else
    ' Whole days left until last-changed plus iMaxAge.
    iRes = Int ((dtmValue + iMaxAge) - Now)
    ' expdate is not declared anywhere in the script; it is only echoed here.
    expdate = datevalue(dtmvalue + imaxage) & " " & timevalue(dtmvalue)
    wscript.echo expdate
    t1="The password for " & strName & " will expire on " & DateValue(dtmValue + iMaxAge) & " at " & TimeValue(dtmValue) & " (" & iRes & " days from today)."
    dp t1
    If iRes <= iDaysForEmail Then 
    t1=strName & " needs an email for password change"
    dp t1
    UserIsExpired = True
    Else
    t1 = strName & " does not need an email for password change"
    dp t1
    UserIsExpired = False
    End If
    End If
    End If
    End If
    End Function
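    ' Checks every user object in objContainer and mails those whose password
    ' needs attention, then repeats the same work for each organizational
    ' unit nested inside the container so that users in sub-OUs are covered.
    '   objContainer - ADSI container (CN=Users or an OU) to scan.
    '   iMaxPwdAge   - maximum password age in days.
    Sub ProcessFolder (objContainer, iMaxPwdAge)
        Dim objUser, objChild, iResult
        objContainer.Filter = Array ("User")
        objFile1.writeline " "
        objFile1.writeline now
        objFile1.writeline "Checking company = " & Mid (objContainer.Name, 4)

        For each objUser in objContainer
            ' Names ending in "$" are skipped.
            If Right (objUser.Name, 1) <> "$" Then
                If IsEmpty (objUser.Mail) or IsNull (objUser.Mail) Then
                    t1= Mid (objUser.Name, 4) & " has no mailbox"
                    dp t1
                Else
                    If UserIsExpired (objUser, iMaxPwdAge, DAYS_FOR_EMAIL, iResult) Then
                        objFile1.writeline " "
                        objFile1.writeline now
                        objFile1.writeline "...sending an email for " & objUser.Mail
                        Call SendEmail (objUser, iResult)
                    Else
                        t1= "...don't send an email"
                        dp t1
                    End If
                End If
            End If
        Next

        ' The enumeration above only returns direct children. Switch the
        ' filter to organizational units and recurse into each one; the
        ' recursion ends at OUs that contain no further OUs.
        objContainer.Filter = Array ("organizationalUnit")
        For Each objChild In objContainer
            Call ProcessFolder (objChild, iMaxPwdAge)
        Next
    End Sub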
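    ' Sends the password reminder to objUser.Mail through SMTP_SERVER.
    '   objUser - ADSI user object; Mail and Name are read.
    '   iResult - days until expiry; 0 or less is worded as "today".
    ' The HTML body is the file c:\script\header, the expiry wording, the
    ' file c:\script\bottom and a fixed do-not-reply sentence.
    '
    ' The forum shortened the three CDO configuration field names to
    ' "...con...tion/..." with a trailing space; they are written out in full
    ' here, since CDO does not recognise the shortened strings.
    '
    ' NOTE(review): the message goes to port 25 with no authentication or TLS
    ' configured. If the relay supports them, the smtpusessl and
    ' smtpauthenticate configuration fields are the place to enable that.
    ' NOTE(review): whoever can edit the header and bottom files controls
    ' the HTML sent to every user, so restrict write access to c:\script.
    Sub SendEmail (objUser, iResult)
        Const CDO_CONFIG = "http://schemas.microsoft.com/cdo/configuration/"
        Dim objMail
        Dim Textdesign
        Dim fso,f
        Set objMail = CreateObject ("CDO.Message")
        ' 2 = send over the network to the named SMTP server.
        objMail.Configuration.Fields.Item (CDO_CONFIG & "sendusing") = 2
        objMail.Configuration.Fields.Item (CDO_CONFIG & "smtpserver") = SMTP_SERVER
        objMail.Configuration.Fields.Item (CDO_CONFIG & "smtpserverport") = 25
        objMail.Configuration.Fields.Update
        objMail.From = STRFROM
        objMail.To = objUser.Mail
        objMail.CC = "[email protected]"
        ' NOTE(review): the subject skips 14 characters of the name while the
        ' rest of the script skips 3 - confirm this matches your naming scheme.
        objMail.Subject = "Your AD Password Expiration Reminder mail " & Mid (objUser.Name, 15)

        ' One FileSystemObject serves both template reads.
        Set fso = CreateObject("Scripting.FileSystemObject")
        Set f = fso.OpenTextFile("c:\script\header", 1)
        Textdesign = f.ReadAll
        f.close
        Set f = Nothing

        If iResult > 0 Then
            ' expdate is not assigned in this procedure, so only the label prints.
            wscript.echo "inside if" & expdate
            Textdesign = Textdesign & "in" & " " & iResult & " " & "days" & " "
        Else
            Textdesign = Textdesign & "today" & " "
        End If

        Set f = fso.OpenTextFile("c:\script\bottom", 1)
        Textdesign = Textdesign & f.ReadAll
        f.close
        Set f = Nothing
        Set fso = Nothing
        Textdesign = Textdesign & " " & " Please do not reply to this mail as it is a computer generated mail"

        objMail.HTMLBody = Textdesign
        objMail.Send
        Set objMail = Nothing
    End Sub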
    ' Debug print: when bDebug is set, appends a blank line, the current
    ' time and the message to the log file.
    '   str - message text to record.
    Sub dp (str)
        If Not bDebug Then Exit Sub
        objFile1.writeline " "
        objFile1.writeline now
        objFile1.writeline str
    End Sub
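    ' Final log entry, then close the log explicitly so its contents are
    ' flushed to disk instead of relying on the script host to do it at exit.
    objFile1.writeline " "
    objFile1.writeline "The end time " & now
    objFile1.Close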

    **END OF SCRIPT**

    Please help me to list users inside sub-ou's.

    Regards,
    Ganesh
    Last edited by Dumber; 1st May 2010, 18:03.

  • #2
    Re: Password Expiry Notification SCRIPT to users

    Here is a VBS script that goes into your GPO and displays a popup window telling users that their password expires in # days; the user MUST click OK to dismiss it.

    It goes in the GPO - User Config - Policies - Admin Templates - System - Logon - Run these programs at user logon. You will also need to add the folder location to IE Trusted Sites to avoid having a popup asking if it should run the script.
    PwExpChk.vbs
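    '========================================
    ' PwExpChk.vbs - logon reminder for the
    ' signed-in user. Reads the domain maximum
    ' password age, adds it to the date the
    ' password was last changed and shows a
    ' message box when fewer than warningDays
    ' days remain.
    '
    ' The script runs in every user's logon
    ' session, so keep it in a location that
    ' ordinary users cannot modify.
    '========================================
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Dim oDomain
    Dim oUser
    Dim maxPwdAge
    Dim numDays
    Dim warningDays
    Dim LoginInfo, strDomainDN, strUserDN
    Dim dtmLastChanged, bHaveDate
    Dim whenPasswordExpires, fromDate, daysLeft
    warningDays = 6

    '========================================
    ' First, get the domain policy.
    ' (The original also bound the user object
    ' a second time into an unused variable;
    ' that extra bind is dropped.)
    '========================================
    Set LoginInfo = CreateObject("ADSystemInfo")
    strDomainDN = UCase(LoginInfo.DomainDNSName)
    strUserDN = LoginInfo.UserName

    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")
    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
        maxPwdAge.LowPart) / CCur(-864000000000)

    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    ' Skip the warning when nothing can expire: either the domain has no
    ' maximum age (numDays = 0) or the account is flagged "password never
    ' expires". Without this check a password changed today in a domain
    ' with no expiry would report "expires in 0 day(s)".
    If numDays > 0 And (oUser.Get("userAccountControl") And ADS_UF_DONT_EXPIRE_PASSWD) = 0 Then
        ' PasswordLastChanged can fail when no change date is stored; stay
        ' silent in that case instead of raising a script error at logon.
        On Error Resume Next
        dtmLastChanged = oUser.PasswordLastChanged
        bHaveDate = (Err.Number = 0)
        On Error GoTo 0

        If bHaveDate Then
            '========================================
            ' Add the number of days to the last time
            ' the password was set.
            '========================================
            whenPasswordExpires = DateAdd("d", numDays, dtmLastChanged)
            fromDate = Date
            daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

            if (daysLeft < warningDays) and (daysLeft > -1) then
                Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
            End if
        End If
    End If
    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing
    Set LoginInfo = Nothing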
