Option Explicit

' Entry point: run the password-expiry report once and let the script end.
PwdExpiryInfo
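Sub PwdExpiryInfo()
    ' Version 1.0
    ' Written by Krystian Karia
    ' Dated 04/05/2009
    '
    ' Gets the members of the group named in sGroup and reports, for each
    ' one, whether its password is exempt from expiry, has expired, or how
    ' many days remain before it expires.
    '
    ' NOTE: Run in a CMD.exe window as: CScript.exe ScriptName.vbs
    ' Every result is written with WScript.Echo, so the number of outputs
    ' is large.
    '
    ' Scope of the check: only the domain-wide maximum password age returned
    ' by GetMaxPwdAge is compared. A fine-grained password policy that applies
    ' to an individual account (msDS-ResultantPSO) is not consulted, so treat
    ' the result as the domain default rather than the effective policy.

    ' Declare Variables
    Dim iTimeInterval, iMaxPwdAge
    Dim i, intUACvalue
    Dim dtmPwdChanged
    Dim objUserLDAP
    Dim arrMembers
    Dim sAccount, lngErr

    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    ' NOTE(review): the sample value below is an OU distinguished name, while
    ' GetMembers enumerates .Members - confirm the DN names a group object.
    Const sGroup = "OU=DLI_ACCOUNTS,DC=dli,DC=local" ' < Specify your group name here

    ' Get the list of users from the given group
    arrMembers = GetMembers(sGroup)
    If IsNull(arrMembers) Then
        ShowProgress "Check your group name or its member list"
        EndScript
    End If

    ' The domain policy is the same for every member, so read it once
    ' instead of binding to the domain again for each account.
    iMaxPwdAge = GetMaxPwdAge

    ' Loop each user to check password expiry date
    For i = 0 To UBound(arrMembers)
        ' GetMembers leaves an empty trailing element; skip it.
        If arrMembers(i) <> "" Then
            ShowProgress ""

            ' Read the account attributes with errors trapped, so that one
            ' unreadable member (for example an object without
            ' userAccountControl) is reported instead of ending the report.
            On Error Resume Next
            Set objUserLDAP = GetObject(arrMembers(i))
            If Err.Number = 0 Then sAccount = objUserLDAP.sAMAccountName
            If Err.Number = 0 Then intUACvalue = objUserLDAP.Get("userAccountControl")
            lngErr = Err.Number
            Err.Clear
            On Error GoTo 0

            If lngErr <> 0 Then
                ShowProgress arrMembers(i)
                ShowProgress " Could not read account attributes (error " & lngErr & ") - not evaluated"
            ElseIf intUACvalue And ADS_UF_DONT_EXPIRE_PASSWD Then
                ShowProgress sAccount
                ShowProgress " Password does not expire"
            Else
                ' NOTE(review): this read presumably fails when no password
                ' change time is recorded for the account - confirm.
                On Error Resume Next
                dtmPwdChanged = objUserLDAP.PasswordLastChanged
                lngErr = Err.Number
                Err.Clear
                On Error GoTo 0

                ShowProgress sAccount
                If lngErr <> 0 Then
                    ShowProgress " Password last-changed time could not be read (error " & lngErr & ") - expiry not evaluated"
                Else
                    ' CLng rather than CInt: CInt is 16-bit and overflows on
                    ' large day counts.
                    iTimeInterval = CLng(Now - dtmPwdChanged)
                    ShowProgress " Password was last changed " & dtmPwdChanged
                    ShowProgress " Which was " & iTimeInterval & " days ago"

                    ' A maximum age of 0 (or below) means no expiry. The
                    ' previous "< 0" test let a value of 0 fall through and
                    ' reported every password as expired. If this line shows
                    ' for every account, verify the policy lookup succeeded.
                    If iMaxPwdAge <= 0 Then
                        ShowProgress " Password does not expire (Domain Policy's Maximum Password Age set to 0)"
                    Else
                        ShowProgress " The Domain Policy Max Password Age is " & iMaxPwdAge & " Days"
                        If iTimeInterval >= iMaxPwdAge Then
                            ShowProgress " The password has expired."
                        Else
                            ShowProgress " The password will expire in " & CLng((dtmPwdChanged + iMaxPwdAge) - Now()) & " Days"
                        End If
                    End If 'iMaxPwdAge
                End If 'lngErr
            End If 'intUACvalue
        End If
    Next ' arrMembers
End Sub ' PwdExpiryInfo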
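Function GetMembers(strGroup)
    ' Version 1.4
    ' Written by Krystian Karia
    ' Dated 04/05/2009
    '
    ' Returns an array holding the ADsPath of each direct member of the
    ' group whose distinguished name is passed in strGroup, or Null when
    ' strGroup is empty, the bind fails, or no member path was collected.
    '
    ' The array ends with an empty element, because every path is followed
    ' by vbNewLine before the Split; callers should skip empty entries.
    '
    ' Only what oGroup.Members yields is returned. A member that is itself
    ' a group is returned as its own path and is not expanded.
    ' NOTE(review): accounts that have this group as their primary group are
    ' presumably not listed by .Members - confirm before relying on this list
    ' as the complete population for an audit.

    ' Catch errors ourselves
    On Error Resume Next

    ' Declare variables
    Dim oGroup, oUser
    Dim strName
    Dim arrUsers
    Dim bEnumError

    ' Check parameters
    If strGroup = "" Then
        GetMembers = Null
        Exit Function
    End If

    ' Bind to group using the correct ADSI connector
    Set oGroup = GetObject("LDAP://" & strGroup)
    If Err.Number <> 0 Then
        Err.Clear
        ShowProgress "An error occured binding to the group " & strGroup
        GetMembers = Null
        Exit Function
    End If

    ' Loop group members. Errors are recorded rather than silently cleared,
    ' so a partial member list is never returned without a warning.
    bEnumError = False
    For Each oUser In oGroup.Members
        If Err.Number <> 0 Then
            ' The enumeration itself failed (for example no .Members).
            bEnumError = True
            Err.Clear
        Else
            strName = strName & oUser.ADsPath & vbNewLine
            If Err.Number <> 0 Then
                bEnumError = True
                Err.Clear
            End If
        End If
    Next
    If Err.Number <> 0 Then
        bEnumError = True
        Err.Clear
    End If

    If bEnumError Then
        ShowProgress "Warning: an error occurred while enumerating members of " & strGroup & "; the member list may be incomplete"
    End If

    ' Create an array of members
    If Trim(strName) <> "" Then
        arrUsers = Split(strName, vbNewLine)
        GetMembers = arrUsers
    Else
        GetMembers = Null
    End If

    Err.Clear
End Function ' GetMembers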
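Function GetMaxPwdAge()
    ' Version 1.0
    '
    ' Returns the domain Maximum Password Age in days, which is usually set
    ' in the GPO named "Default Domain Policy".
    '
    ' Return values:
    '   > 0  the maximum password age in days
    '   -1   the domain policy does not expire passwords
    '    0   the value could not be read (a warning is echoed first)
    '
    ' Only the domain-wide value is read here; per-account fine-grained
    ' password policies are outside the scope of this function.

    ' Catch errors ourselves
    On Error Resume Next

    ' Declare Variables
    Dim oRootDSE, oDomain, oMaxPwdAge
    Dim lngHighPart, lngLowPart
    Dim strDomainDN

    ' Get the current Domain DN
    Set oRootDSE = GetObject("LDAP://RootDSE")
    strDomainDN = oRootDSE.Get("DefaultNamingContext")

    ' Bind to current Domain
    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set oMaxPwdAge = oDomain.MaxPwdAge

    ' Get the 2 parts of the Integer8 value to get 2 32 bit values
    lngHighPart = oMaxPwdAge.HighPart
    lngLowPart = oMaxPwdAge.LowPart

    ' Err keeps the last failure from the steps above. Without this check a
    ' failed lookup silently produced 0, which callers cannot tell apart
    ' from a real policy value.
    If Err.Number <> 0 Then
        Err.Clear
        ShowProgress "Warning: the domain Maximum Password Age could not be read; expiry results are not reliable"
        GetMaxPwdAge = 0
        Exit Function
    End If

    ' "Passwords never expire" is stored as 0 or as the minimum 64-bit value
    ' (HighPart &h80000000, LowPart 0). The formula below would turn the
    ' latter into roughly ten million days, so report no-expiry explicitly.
    If lngLowPart = 0 And (lngHighPart = 0 Or lngHighPart = &h80000000) Then
        GetMaxPwdAge = -1
        Exit Function
    End If

    ' If the LowPart is less than 0 then we need to add 1 to the HighPart
    If (lngLowPart < 0) Then
        lngHighPart = lngHighPart + 1
    End If

    ' The stored value is a negative count of 100-nanosecond intervals;
    ' negate it and divide by intervals-per-minute * minutes-per-day.
    GetMaxPwdAge = -((lngHighPart * 2^32) + lngLowPart)/(600000000 * 1440)
End Function ' GetMaxPwdAge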
Sub ShowProgress(sComment)
    ' Single output point for the script: writes sComment through
    ' WScript.Echo (a console line under CScript.exe).
    Call WScript.Echo(sComment)
End Sub ' ShowProgress
Sub EndScript()
    ' Stops the script immediately via WScript.Quit.
    Call WScript.Quit
End Sub ' EndScript