A- A A+

Password en account lock informatie uit AD halen

Het script

Onderstaande script dumpt een lijst van gebruikers met de gegevens uit de AD.....

Het Script:

On Error Resume Next
Const adBSTR = 8
Const adDouble = 5
Const adVarChar = 200
Const MaxCharacters = 255
Const vbQuot = """"
Const ADS_UF_DONT_EXPIRE_PASSWORD = &H00010000
Const ADS_UF_MUST_CHANGE_PASSWORD = &H00800000
Const ADS_UF_ACCOUNTDISABLE = &H00000002
Const ADS_UF_LOCKOUT = &H00000010
Dim strStartNode : strStartNode="dc=fabrikam,dc=corp"
Dim longTemp

' Maak de dataset aan
Set DataList = CreateObject("ADOR.Recordset")
Datalist.Fields.Append "SAMAccountName", adVarChar , MaxCharacters
Datalist.Fields.Append "Name", adVarChar , MaxCharacters
Datalist.Fields.Append "Disabled", adBSTR, 3
Datalist.Fields.Append "Expire", adBSTR, 3
Datalist.Fields.Append "MustChange", adBSTR, 3
Datalist.Fields.Append "LockedOut", adBSTR, 3
Datalist.Fields.Append "PasswordExpires", adBSTR, MaxCharacters
DataList.OpenSet

objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

' Haal alle gebruikers op
objCommand.CommandText = "<LDAP://" & strStartNode & ">;objectCategory=User);Name,"& _
  "SAMAccountName,userAccountControl,msDS-User-Account-Control-Computed," & _
  "msDS-UserPasswordExpiryTimeComputed;Subtree" 
Set objRecordSet = objCommand.Execute

' Vul de dataset met username en sorteer deze
objRecordSet.MoveFirst
Do Until objRecordSet.EOF     
    if not IsNull(objRecordSet.Fields("SamAccountName").Value) then  
        Datalist.AddNew      
        Datalist("SAMAccountName").Value = CStr(objRecordSet.Fields("SamAccountName").Value) 
        Datalist("Name").Value = objRecordSet.Fields("Name").Value       
        set ObjDate= objRecordSet.Fields("msDS-UserPasswordExpiryTimeComputed").Value    
        lngHigh = objDate.HighPart    
        lngLow = objDate.LowPart    
        If (lngLow < 0) Then lngHigh = lngHigh + 1    
        If (lngHigh = 0) And (lngLow = 0) Then
           dtmDate = "Niet"
        Else 
           dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow)/600000000 - lngBias)/1440    
        End If        
        Datalist("PasswordExpires").Value = CStr(dtmDate)          
        LongTemp = CLng(objRecordSet.Fields("userAccountControl").Value)    
        if (LongTemp and ADS_UF_DONT_EXPIRE_PASSWORD) = ADS_UF_DONT_EXPIRE_PASSWORD then
          Datalist("Expire").Value="Nee"
        else
          Datalist("Expire").Value="Ja"
        End If  
        if (LongTemp and ADS_UF_ACCOUNTDISABLE) = ADS_UF_ACCOUNTDISABLE then
          Datalist("Disabled").Value="Ja"
        else
          Datalist("Disabled").Value="Nee"
        End If   
        if (LongTemp and AADS_UF_LOCKOUT)  = ADS_UF_LOCKOUT then
          Datalist("LockedOut").Value="Ja"
        else
          Datalist("LockedOut").Value="Nee"
        End If       
        LongTemp = CLng(objRecordSet.Fields("msDS-User-Account-Control-Computed").Value)    
        if (LongTemp and ADS_UF_MUST_CHANGE_PASSWORD) = ADS_UF_MUST_CHANGE_PASSWORD then
          Datalist("MustChange").Value="Ja"
        else
          Datalist("MustChange").Value="Nee"
        End If             
        Datalist.Update    
      end If    
    objRecordSet.MoveNext LoopDatalist.Sort = "SAMAccountName ASC"

    ' Dump allesDataList.MoveFirstWScript.Echo "Account; " & _
       "Naam; " & _
       "Uitgeschakeld; " & _
       "Wachtwoord verlopen; " & _
       "Moet wijzigen; " & _
       "Buitengesloten; " &  _
       "Wachtwoord verloopt"Do Until DataList.EOF
    WScript.Echo vbQuot & DataList.Fields.Item("SAMAccountName") & vbQuot & ";" & _ 
                       vbQuot & DataList.Fields.Item("Name") & vbQuot & ";" & _
                       vbQuot & DataList.Fields.Item("Disabled") & vbQuot & ";" & _
                       vbQuot & DataList.Fields.Item("Expire") & vbQuot & ";" & _    
                       vbQuot & DataList.Fields.Item("MustChange") & vbQuot & ";" & _
                       vbQuot & DataList.Fields.Item("LockedOut") & vbQuot  & ";" & _
                       vbQuot & DataList.Fields.Item("PasswordExpires") & vbQuot
    DataList.MoveNext
Loop