更改密码过期日期在活动目录使用VBS [英] Change password expiration date in Active Directory using VBS

问题描述

我试图更改密码过期日期使用VBScript在Active Directory用户。我有code，以获取有关用户的密码信息，但我无法找到如何改变什么。任何帮助将大大AP preciated！

下面是我的code：

 常量SEC_IN_DAY = 86400
常量ADS_UF_DONT_EXPIRE_PASSWD =安培; H10000

设置objOU传递= GetObject的（LDAP：// CN = [用户名]，OU =用户，OU =纽约，OU = NA，OU = [域]，DC = [域]，DC =公司）

intCurrentValue = objOU.Get（userAccountControl的）

如果intCurrentValue和ADS_UF_DONT_EXPIRE_PASSWD然后
  wscript.echo密码不会过期。
其他
  dtmValue = objOU.PasswordLastChanged
  Wscript.echo的口令最后更改的＆放大器; _
  则DateValue（dtmValue）及在与＆amp; TIMEVALUE（dtmValue）及VbCrLf和放大器; _
  ＆AMP当密码是最后一组之间的差异; VbCrLf和放大器; _
  今天是＆放大器; INT（现 -  dtmValue）及天
  intTimeInterval = INT（现 -  dtmValue）

  设置objDomainNT = GetObject的（WINNT：// ropesgray）
  intMaxPwdAge = objDomainNT.Get（MaxPasswordAge）
  如果intMaxPwdAge＆LT; 0然后
    WScript.Echo密码最长使用期限设置为0，在＆放大器; _
      域。因此，密码不会过期。
  其他
    intMaxPwdAge =（intMaxPwdAge / SEC_IN_DAY）
    Wscript.echo密码最长使用期限为＆放大器; intMaxPwdAge和放大器; 天
    如果intTimeInterval＆GT; = intMaxPwdAge然后
      Wscript.echo的口令已过期。
    其他
      Wscript.echo＆放的口令将在到期; _
      则DateValue（dtmValue + intMaxPwdAge）及（与＆amp; _
      INT（（dtmValue + intMaxPwdAge） - 现在）及＆AMP从今天的日子; ）。
    结束如果
  结束如果
结束如果


strUserPrincipalName = objOU.Get（通过UserPrincipalName）
strSAMAccountName = objOU.Get（sAMAccountName赋）
strMaxPWAge = objOU.Get（经理人）

WScript.Echo strUserPrincipalName
WScript.Echo strSAMAccountName
WScript.Echo strMaxPWAge
 

解决方案

您可以使用的pwdLastSet 属性来更改密码过期，但也许不是你想要的方式。 的pwdLastSet 是100纳秒的时间间隔，因为中午12点1601年1月1日的数量。 据微软文档，这个属性接受只有两个值0或-1。

试试这个：

1. 设置的pwdLastSet 0，这意味着密码从未设定。
2. 然后设置的pwdLastSet 为-1，这意味着密码刚刚设定。因此，出现在的pwdLastSet 的值是当前的日期/时间。

我要用就用在W2K3它仍然致力于W2H8 R2。

您可以发现有工具（抱歉，法语），让你创建日期/从100纳秒的时间间隔数的时间，因为中午12点1601年1月1日。

要当心它延长了密码持续时间，这是不利于安全。

我希望它能帮助。

JP

I'm trying to change the password expiration date for a user in Active Directory using VBScript. I have the code to obtain information about a user's password, but I can't find anything about how to change it. Any help would be greatly appreciated!

Here's my code:

Const SEC_IN_DAY = 86400
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set objOU = GetObject("LDAP://CN=[username],OU=Users,OU=New York,OU=NA,OU=[domain],DC=[domain],DC=firm")

intCurrentValue = objOU.Get("userAccountControl")

If intCurrentValue and ADS_UF_DONT_EXPIRE_PASSWD Then
  wscript.echo "The password does not expire."
Else
  dtmValue = objOU.PasswordLastChanged 
  Wscript.echo "The password was last changed on " & _
  DateValue(dtmValue) & " at " & TimeValue(dtmValue) & VbCrLf & _
  "The difference between when the password was last set" & VbCrLf & _
  "and today is " & int(now - dtmValue) & " days"
  intTimeInterval = int(now - dtmValue)

  Set objDomainNT = GetObject("WinNT://ropesgray")
  intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
  If intMaxPwdAge < 0 Then
    WScript.Echo "The Maximum Password Age is set to 0 in the " & _
      "domain. Therefore, the password does not expire."
  Else
    intMaxPwdAge = (intMaxPwdAge/SEC_IN_DAY)
    Wscript.echo "The maximum password age is " & intMaxPwdAge & " days"
    If intTimeInterval >= intMaxPwdAge Then
      Wscript.echo "The password has expired."
    Else
      Wscript.echo "The password will expire on " & _
      DateValue(dtmValue + intMaxPwdAge) & " (" & _
      int((dtmValue + intMaxPwdAge) - now) & " days from today" & ")."
    End If
  End If
End If


'strUserPrincipalName = objOU.Get("userPrincipalName")
'strSAMAccountName = objOU.Get("sAMAccountName")
'strMaxPWAge = objOU.Get("manager")

'WScript.Echo strUserPrincipalName
'WScript.Echo strSAMAccountName
'WScript.Echo strMaxPWAge

解决方案

You can use the pwdLastSet attribute to change the password expiration, but perhaps not in the way you want. pwdLastSet is the number of 100-nanosecond intervals since 12:00 am January 1, 1601. According to Microsoft documentation, this attribute accepts only two values 0 or -1.

try this :

1. Set pwdLastSet to 0, this means that the password has never been set.
2. Then, Set pwdLastSet to -1, this means that the password has just been set. So the value that appears in pwdLastSet is the current date/time.

I use to use in in W2K3 and it's still working on W2H8 R2.

You can find there a tool (sorry in french) that allow you to create date/time from number of 100-nanosecond intervals since 12:00 am January 1, 1601.

Be carefull It lengthens the password duration, which is not good for security.

I hope it helps.

JP

这篇关于更改密码过期日期在活动目录使用VBS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！