How to obtain password expiration date by using LDAP ADSI provider

Article translations Article translations
Article ID: 323750 - View products that this article applies to.
This article was previously published under Q323750
Expand all | Collapse all

SUMMARY

This article contains sample code that demonstrates how to use the LDAP ADSI provider to obtain the password expiration date of an Active Directory user.

MORE INFORMATION

This article contains sample code for the following programs:
  • Visual Basic
  • VBScript

Visual Basic Sample Code

To use the following Visual Basic sample code, you must add Active DS Type Library to your Project's reference.
    
    '========================================
    ' First, get the domain policy.
    '========================================
    Dim oDomain As IADsContainer
    Dim oUser As IADsUser
    Dim maxPwdAge As LargeInteger
    
    '========================================
    ' Declaring numDays as Currency, due to a
    ' large number calculation.
    '========================================
    Dim numDays As Currency
    
    strDomainDN = "YOURDOMAIN"
    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
    
    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")

    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = ((maxPwdAge.HighPart * 2 ^ 32) + _
                maxPwdAge.LowPart) / -864000000000@
    Debug.Print "Maximum Password Age: " & numDays
    
    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
    
    Debug.Print "Password Last Changed: " & oUser.PasswordLastChanged
    Debug.Print "Password Expires On: " & whenPasswordExpires

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing

				

VBScript Sample Code

To use the following sample you code, you must copy the code to a text file with a .vbs file extension.

    '========================================
    ' First, get the domain policy.
    '========================================
    Dim oDomain
    Dim oUser
    Dim maxPwdAge
    Dim numDays
   
    strDomainDN = "YOURDOMAIN"
    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
    
    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")

    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
                    maxPwdAge.LowPart) / CCur(-864000000000)
    WScript.Echo "Maximum Password Age: " & numDays
    
    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
    
    WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
    WScript.Echo "Password Expires On: " & whenPasswordExpires

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing

    WScript.Echo "Done"

				

REFERENCES

For more information about Active Directory Service Interfaces (ADSI) reference documentation, visit the following MSDN Web site:
Platform SDK
http://msdn2.microsoft.com/en-us/library/aa772170.aspx
For more information about how to determine the last time the password was changed, click the following article number to view the article in the Microsoft Knowledge Base:
192949 How to find password last changed date using ADSI

Properties

Article ID: 323750 - Last Review: May 19, 2005 - Revision: 4.2
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Service Pack 3
  • Microsoft Windows 2000 Service Pack 2
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows XP Professional
  • Microsoft Active Directory Service Interfaces 2.5
  • Microsoft Active Directory Service Interfaces 2.5
Keywords: 
kbdswadsi2003swept kbhowto KB323750

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com