How to obtain password expiration date by using LDAP ADSI provider

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q323750
SUMMARY
This article contains sample code that demonstrates how to use the LDAP ADSI provider to obtain the password expiration date of an Active Directory user.
MORE INFORMATION
This article contains sample code for the following programs:
  • Visual Basic
  • VBScript

Visual Basic Sample Code

To use the following Visual Basic sample code, you must add Active DS Type Library to your Project's reference.
        '========================================    ' First, get the domain policy.    '========================================    Dim oDomain As IADsContainer    Dim oUser As IADsUser    Dim maxPwdAge As LargeInteger        '========================================    ' Declaring numDays as Currency, due to a    ' large number calculation.    '========================================    Dim numDays As Currency        strDomainDN = "YOURDOMAIN"    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"        Set oDomain = GetObject("LDAP://" & strDomainDN)    Set maxPwdAge = oDomain.Get("maxPwdAge")    '========================================    ' Calculate the number of days that are    ' held in this value.    '========================================    numDays = ((maxPwdAge.HighPart * 2 ^ 32) + _                maxPwdAge.LowPart) / -864000000000@    Debug.Print "Maximum Password Age: " & numDays        '========================================    ' Determine the last time that the user    ' changed his or her password.    '========================================    Set oUser = GetObject("LDAP://" & strUserDN)    '========================================    ' Add the number of days to the last time    ' the password was set.    '========================================    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)        Debug.Print "Password Last Changed: " & oUser.PasswordLastChanged    Debug.Print "Password Expires On: " & whenPasswordExpires    '========================================    ' Clean up.    '========================================    Set oUser = Nothing    Set maxPwdAge = Nothing    Set oDomain = Nothing				

VBScript Sample Code

To use the following sample you code, you must copy the code to a text file with a .vbs file extension.
    '========================================    ' First, get the domain policy.    '========================================    Dim oDomain    Dim oUser    Dim maxPwdAge    Dim numDays       strDomainDN = "YOURDOMAIN"    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"        Set oDomain = GetObject("LDAP://" & strDomainDN)    Set maxPwdAge = oDomain.Get("maxPwdAge")    '========================================    ' Calculate the number of days that are    ' held in this value.    '========================================    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _                    maxPwdAge.LowPart) / CCur(-864000000000)    WScript.Echo "Maximum Password Age: " & numDays        '========================================    ' Determine the last time that the user    ' changed his or her password.    '========================================    Set oUser = GetObject("LDAP://" & strUserDN)    '========================================    ' Add the number of days to the last time    ' the password was set.    '========================================    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)        WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged    WScript.Echo "Password Expires On: " & whenPasswordExpires    '========================================    ' Clean up.    '========================================    Set oUser = Nothing    Set maxPwdAge = Nothing    Set oDomain = Nothing    WScript.Echo "Done"				
REFERENCES
For more information about Active Directory Service Interfaces (ADSI) reference documentation, visit the following MSDN Web site: For more information about how to determine the last time the password was changed, click the following article number to view the article in the Microsoft Knowledge Base:
192949 How to find password last changed date using ADSI
Properties

Article ID: 323750 - Last Review: 05/19/2005 22:22:51 - Revision: 4.2

Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Server, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 1, Microsoft Windows XP Professional, Microsoft Active Directory Service Interfaces 2.5, Microsoft Active Directory Service Interfaces 2.5

  • kbdswadsi2003swept kbhowto KB323750
Feedback