How to obtain password expiration date by using LDAP ADSI provider (323750)


The information in this article applies to:

  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows XP Professional
  • Microsoft Active Directory Services Interface, System Component
  • Microsoft Active Directory Services Interface, Microsoft Active Directory Client
This article was previously published under Q323750

SUMMARY

This article contains sample code that demonstrates how to use the LDAP ADSI provider to obtain the password expiration date of an Active Directory user.

MORE INFORMATION

This article contains sample code for the following programs:
  • Visual Basic
  • VBScript

Visual Basic Sample Code

To use the following Visual Basic sample code, you must add Active DS Type Library to your Project's reference. 
    
    '========================================
    ' First, get the domain policy.
    '========================================
    Dim oDomain As IADsContainer
    Dim oUser As IADsUser
    Dim maxPwdAge As LargeInteger
    
    '========================================
    ' Declaring numDays as Currency, due to a
    ' large number calculation.
    '========================================
    Dim numDays As Currency
    
    strDomainDN = "YOURDOMAIN"
    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
    
    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")

    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = ((maxPwdAge.HighPart * 2 ^ 32) + _
                maxPwdAge.LowPart) / -864000000000@
    Debug.Print "Maximum Password Age: " & numDays
    
    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
    
    Debug.Print "Password Last Changed: " & oUser.PasswordLastChanged
    Debug.Print "Password Expires On: " & whenPasswordExpires

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing

VBScript Sample Code

To use the following sample you code, you must copy the code to a text file with a .vbs file extension. 

    '========================================
    ' First, get the domain policy.
    '========================================
    Dim oDomain
    Dim oUser
    Dim maxPwdAge
    Dim numDays
   
    strDomainDN = "YOURDOMAIN"
    strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
    
    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")

    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
                    maxPwdAge.LowPart) / CCur(-864000000000)
    WScript.Echo "Maximum Password Age: " & numDays
    
    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
    
    WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
    WScript.Echo "Password Expires On: " & whenPasswordExpires

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing

    WScript.Echo "Done"

REFERENCES

For more information about Active Directory Service Interfaces (ADSI) reference documentation, visit the following MSDN Web site:

Platform SDK
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/active_directory_service_interfaces_adsi.asp

Alternatively, you can download the ADSI Help file from the following Microsoft Web site:

http://www.microsoft.com/ntserver/downloads/bin/nts/adsi25.chm

For more information about how to determine the last time the password was changed, click the following article number to view the article in the Microsoft Knowledge Base:

192949 How to find password last changed date using ADSI

Modification Type:MajorLast Reviewed:5/19/2005
Keywords:kbDSWADSI2003Swept kbhowto KB323750 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.