Sign in
Microsoft.com
 
Script Center
 
 
 
Script Center > Gallery > Active Directory > List Password Attributes for a User Account
TechNet Script Center logo

Welcome to the TechNet Script Center Gallery!
Each contribution is licensed to you under a License Agreement by its owner, not Microsoft. Microsoft does not guarantee the contribution or purport to grant rights to it.

List Password Attributes for a User Account

(Microsoft)
VERIFIED AND TESTED BY THE SCRIPT CENTER TEAM
Rate it:
 
 
 
 
 
Script Code
VBScript
Const ADS_UF_PASSWORD_EXPIRED = &h800000
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
 
Set objHash = CreateObject("Scripting.Dictionary")
objHash.Add "ADS_UF_PASSWD_NOTREQD", &h00020
objHash.Add "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED", &h0080
objHash.Add "ADS_UF_DONT_EXPIRE_PASSWD", &h10000
 
Set objUser = GetObject _
    ("LDAP://CN=MyerKen,OU=management,DC=Fabrikam,DC=com")
intUserAccountControl = objUser.Get("userAccountControl")
 
Set objUserNT = GetObject("WinNT://fabrikam/myerken")
intUserFlags = objUserNT.Get("userFlags")
 
If ADS_UF_PASSWORD_EXPIRED And intUserFlags Then
    blnExpiredFlag = True
    Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is enabled"
Else
    Wscript.Echo "ADS_UF_PASSWORD_EXPIRED is disabled"
End If
 
For Each Key In objHash.Keys
    If objHash(Key) And intUserAccountControl Then 
        WScript.Echo Key & " is enabled"
    Else
        WScript.Echo Key & " is disabled"
  End If
Next
 
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl

For Each Ace In objDACL
    If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
        (LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
            blnACEPresent = True
    End If
Next

If blnACEPresent Then
    Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is enabled"
Else
    Wscript.Echo "ADS_UF_PASSWD_CANT_CHANGE is disabled"
End If
 
If blnExpiredFlag = True Then 
    Wscript.echo "pwdLastSet is null"
Else 
    Wscript.echo "pwdLastSet is " & objUser.PasswordLastChanged
End If
Platforms
Windows Server 2008 R2 No
Windows Server 2008 No
Windows Server 2003 Yes
Windows 7 No
Windows Vista No
Windows XP Yes
Windows 2000 Yes
For online peer support, join The Official Scripting Guys Forum! To provide feedback or report bugs in sample scripts, please start a new discussion on the Discussions tab for this script.
Disclaimer The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Be the first to create a discussion.