The following VBS script will list the last password change date of all users in the current Active Directory domain using the pwdLastSet attribute
Usage
- Save the script to a .vbs file.
- Open a command prompt and drag in and run the script
- Or to save to a file pipe the results, for example
cscript List_User_pwdLastSet.vbs > Report_Password_Changes.csv
The Script
' USAGE: cscript C:\List_User_pwdLastSet.vbs > C:\Report_Password_Changes.csv
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
set objConn = CreateObject("ADODB.Connection")
set objCmd = CreateObject("ADODB.Command")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Cache Results") = False
strFilter = "(&(objectclass=user)(objectcategory=person))"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";distinguishedName;subtree"
objCmd.CommandText = strQuery
Set wshFSO=Createobject("Scripting.FileSystemObject")
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Set objRecordSet = objCmd.Execute
' Obtain local Time Zone bias from machine registry.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" & "TimeZoneInformation\ActiveTimeBias")
If UCase(TypeName(lngBiasKey)) = "LONG" Then
lngTZBias = lngBiasKey
ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then
lngTZBias = 0
For k = 0 To UBound(lngBiasKey)
lngTZBias = lngTZBias + (lngBiasKey(k) * 256^k)
Next
End If
WScript.Echo "Usernam, PWD Last Change (Date), PWD Last Change (Days ago)"
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName")
Set objUser = GetObject("LDAP://" & strDN)
str_sAMAccountName = objUser.sAMAccountName
str_pwdLastSet = Integer8Date(objUser.pwdLastSet, lngTZBias)
int_DateDiff = DateDiff("D", str_PWDLastSet, Date)
WScript.Echo str_sAMAccountName & "," & str_pwdLastSet & "," & int_DateDiff
objRecordSet.MoveNext
Loop
Function Integer8Date(objDate, lngBias)
' Function to convert Integer8 (64-bit) value to a date, adjusted for
' local time zone bias.
Dim lngAdjust, lngDate, lngHigh, lngLow
lngAdjust = lngBias
lngHigh = objDate.HighPart
lngLow = objdate.LowPart
' Account for error in IADslargeInteger property methods.
If lngLow < 0 Then
lngHigh = lngHigh + 1
End If
If (lngHigh = 0) And (lngLow = 0) Then
lngAdjust = 0
End If
lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow) / 600000000 - lngAdjust) / 1440
' Trap error if lngDate is ridiculously huge.
On Error Resume Next
Integer8Date = CDate(lngDate)
If Err.Number <> 0 Then
On Error GoTo 0
Integer8Date = #1/1/1601#
End If
On Error GoTo 0
End Function