System Administration Scripting

2007年5月11日星期五

列出域中用户密码设置改动的情况

On Error Resume Next

Const ADS_PROPERTY_CLEAR = 1
Const ADS_SCOPE_SUBTREE = 2
Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT ADsPath FROM 'LDAP://dc=microsoft,dc=com,dc=cn' WHERE " _
& "objectCategory='user'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strPath = objRecordSet.Fields("AdsPath").Value
Set objUser = GetObject(strPath)
intCurrentValue = objUser.Get("userAccountControl")

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
Wscript.Echo objUser.sAMAccountName & " : 密码永不过期!"
Else
dtmValue = objUser.PasswordLastChanged
Wscript.Echo objUser.sAMAccountName & "上一次更改密码的时间是:" & _
DateValue(dtmValue) & TimeValue(dtmValue) & VbCrLf & _
"自密码更改到现在已经" & int(now - dtmValue) & "天!"
intTimeInterval = int(now - dtmValue)

Set objDomainNT = GetObject("WinNT://microsoft.com.cn")
intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
If intMaxPwdAge < 0 Then
WScript.Echo "域安全策略中密码最大有效期设置为零。因此密码不过期。"
Else
intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
Wscript.Echo "密码最大有效期为:" & intMaxPwdAge & "天。"
If intTimeInterval >= intMaxPwdAge Then
Wscript.Echo "密码已经过期!"
Else
Wscript.Echo "密码过期的时间是:" & _
DateValue(dtmValue + intMaxPwdAge) & "离现在还有" & _
int((dtmValue + intMaxPwdAge) - now) & "天。"
End If
End If
End If
objRecordSet.MoveNext
Loop

Bookmark this post:
Ma.gnolia DiggIt! Del.icio.us Blinklist Yahoo Furl Technorati Simpy Spurl Reddit Google


1 评论:

China-Hory 说...

感谢访问我的博客,以后多交流
等我以后有空,我会把模板弄好,分享出来

相关文章

©2007