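' *********************************************************************
'
' Name : List Non-Expiry Password.vbs
' Author : 3Ds (UK) Limited
' Description : VBScript to check for accounts that have a non-expiry password.
' Script Type : Monitoring.
' Arguments : None.
' Returns : 0 - Success, 1 - failed to run, 2 - one or more accounts found.
'           Account details are listed in the output.
' Notes : Requires Windows Scripting Host (for VBScript).
'
' WIZARD:PARAMS=This script requires no parameters
' WIZARD:PARAMEXAMPLE=
' WIZARD:RESULTS=Return code ...||0 = OK|1 = An error prevented the script from running|2 = One or more accounts were found with non-expiry passwords.||Script output also indicates "OK" for success, or "Error" with details of the faults found.
' WIZARD:REMOTE
'
' *********************************************************************

' Enable in-line error handling. Every directory call below is followed by an
' explicit Err.Number test: with Resume Next in force, an unchecked failure
' would otherwise fall through to the "OK" exit and hide the accounts this
' check exists to report.
On Error Resume Next

' ------ Local declarations ------
Dim bFound          ' True if at least one reportable account was found
Dim objConnection   ' ADO connection
Dim objCommand      ' ADO command
Dim objRecordSet    ' ADO recordset returned by the query
Dim strDomain1      ' Domain name #1
Dim strDomain2      ' Domain name #2
Dim strSearchBase   ' LDAP search base built from the two domain parts
Dim strName         ' Name attribute of the current record

' TODO: Set up our domain name (e.g. YourCompany.com would be "YourCompany" & "com"
' or YourCompany.local would be "YourCompany" & "local" etc.
strDomain1 = "YourCompany"
strDomain2 = "com"

Set objRecordSet = Nothing

' Create our objects
Set objConnection = CreateObject("ADODB.Connection")
If Err.Number <> 0 Then
    ' Failed to retrieve the object
    WScript.Echo "Error. Unable to connect to ADO connection. " & Err.Description
    WScript.Quit(1)
End If

Set objCommand = CreateObject("ADODB.Command")
If Err.Number <> 0 Then
    ' Failed to retrieve the object
    WScript.Echo "Error. Unable to connect to ADO command. " & Err.Description
    Set objConnection = Nothing
    WScript.Quit(1)
End If

' Set properties
Err.Clear
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
If Err.Number <> 0 Then
    WScript.Echo "Error. Unable to open the Active Directory provider. " & Err.Description
    CleanupAndQuit 1
End If

Set objCommand.ActiveConnection = objConnection

' Paging lets the query return more results than a single page holds.
objCommand.Properties("Page Size") = 1000

' The ADSI LDAP dialect is "<search base>;filter;attributes;scope". The search
' base is built from strDomain1/strDomain2; without it the first field is empty
' and the two domain variables above would be unused.
strSearchBase = "<LDAP://dc=" & strDomain1 & ",dc=" & strDomain2 & ">"

' 1.2.840.113556.1.4.803 is the bitwise-AND matching rule and 65536 (0x10000)
' is the "password never expires" bit of userAccountControl.
' NOTE(review): the filter does not exclude disabled accounts, so they are
' reported as well - confirm that is the intended scope.
objCommand.CommandText = strSearchBase & ";(&(objectCategory=User)" & _
    "(userAccountControl:1.2.840.113556.1.4.803:=65536));Name;Subtree"

' Run it
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
    WScript.Echo "Error. Directory query failed. " & Err.Description
    CleanupAndQuit 1
End If

' Loop through the results. MoveFirst is not called: it raises an error on an
' empty recordset, which is the normal "nothing found" case.
bFound = False
Do Until objRecordSet.EOF
    strName = objRecordSet.Fields("Name").Value
    If Err.Number <> 0 Then
        ' Stop rather than carry on with a record we could not read.
        WScript.Echo "Error. Unable to read query results. " & Err.Description
        CleanupAndQuit 1
    End If

    ' Found an account - check we're not ignoring it
    ' TODO: Add any accounts you know about (and don't want to be alerted about) here
    ' The comparison is an exact, case-sensitive match on the Name attribute.
    If strName = "IgnoreThisAccount" Or strName = "AndThisAccount" Then
        ' Ignore it
    Else
        ' Report it
        WScript.Echo "Error. Non-expiry Password: " & strName
        bFound = True
    End If

    objRecordSet.MoveNext
Loop

If bFound = True Then
    ' One or more accounts with a non-expiry password
    CleanupAndQuit 2
End If

' ------ Cleanup ------
' No problems
WScript.Echo "OK. No accounts found with non-expiry password"
CleanupAndQuit 0

' Releases the ADO objects and exits with the given return code.
Sub CleanupAndQuit(nCode)
    ' Closing an object that was never opened raises an error; ignore it so
    ' the exit code is always delivered.
    On Error Resume Next
    objRecordSet.Close
    objConnection.Close
    Set objRecordSet = Nothing
    Set objCommand = Nothing
    Set objConnection = Nothing
    WScript.Quit(nCode)
End Sub

' ------ End of Script ------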