1. 首頁
  2. 問答
  3. Active Directory PSO細粒度密碼msDS-MaximumPasswordAge

Active Directory PSO細粒度密碼msDS-MaximumPasswordAge

2011-12-23 162 views
1

尋找如何創建vbscript來提取PSO策略設置的最大天數。它迴歸爲...的價值,我不知道如何獲得設定的真實價值。Active Directory PSO細粒度密碼msDS-MaximumPasswordAge

這是我到目前爲止有:

Option Explicit 

Const ADS_UF_PASSWD_CANT_CHANGE = &H40 
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000 

Dim strFilePath, objFSO, objFile, adoConnection, adoCommand, objCDOConf 
Dim objRootDSE, strDNSDomain, strFilter, strQuery, adoRecordset, objMaxPwdAge 
Dim strDN, objShell, lngBiasKey, lngBias, blnPwdExpire, strDept, strAdd 
Dim objDate, dtmPwdLastSet, lngFlag, k, address, objAdd, objMessage 

' Check for required arguments. 
If (Wscript.Arguments.Count < 1) Then 
    Wscript.Echo "Arguments <FileName> required. For example:" & vbCrLf _ 
     & "cscript PwdLastChanged.vbs c:\MyFolder\UserList.txt" 
    Wscript.Quit(0) 
End If 

strFilePath = Wscript.Arguments(0) 
Set objFSO = CreateObject("Scripting.FileSystemObject") 

' Open the file for write access. 
On Error Resume Next 
Set objFile = objFSO.OpenTextFile(strFilePath, 2, True, 0) 
If (Err.Number <> 0) Then 
    On Error GoTo 0 
    Wscript.Echo "File " & strFilePath & " cannot be opened" 
    Wscript.Quit(1) 
End If 
On Error GoTo 0 

Set objShell = CreateObject("Wscript.Shell") 
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _ 
    & "TimeZoneInformation\ActiveTimeBias") 
If (UCase(TypeName(lngBiasKey)) = "LONG") Then 
    lngBias = lngBiasKey 
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then 
    lngBias = 0 
    For k = 0 To UBound(lngBiasKey) 
     lngBias = lngBias + (lngBiasKey(k) * 256^k) 
    Next 
End If 

' Use ADO to search the domain for all users. 
Set adoConnection = CreateObject("ADODB.Connection") 
Set adoCommand = CreateObject("ADODB.Command") 
adoConnection.Provider = "ADsDSOOBject" 
adoConnection.Open "Active Directory Provider" 
Set adoCommand.ActiveConnection = adoConnection 

' Determine the DNS domain from the RootDSE object. 
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("DefaultNamingContext") 

' Filter to retrieve all user objects. 
strFilter = "(&(objectClass=msDS-PasswordSettings))" 

' Filter to retrieve all computer objects.  
strQuery = "<LDAP://CN=PSO-Information Systems,CN=Password Settings Container,CN=System,DC=yrmc,DC=org>;" _ 
    & ";cn,msDS-LockoutDuration,msDS-MaximumPasswordAge,msDS- 

PasswordSettingsPrecedence;subtree" 

    adoCommand.CommandText = strQuery 
    adoCommand.Properties("Page Size") = 100 
    adoCommand.Properties("Timeout") = 30 
    adoCommand.Properties("Cache Results") = False 

Set adoRecordset = adoCommand.Execute 
Do Until adoRecordset.EOF 
    objFile.WriteLine adoRecordset.Fields("cn").Value 
    adoRecordset.MoveNext 
Loop 
adoRecordset.Close

我可以得到CN和值甚至msDS-PasswordSettingsPrecedence而不是msDS-MaximumPasswordAge。任何幫助,將不勝感激。

來源

2011-12-23 Kamster

回答

0

你在你的AD像

domainLookupString = ""CN=UsersPSO,CN=Password Settings Container,CN=System,DC=COMPAY,DC=ORG";

找到UsersPSO位置,然後在年底運行LDAP查詢

ldapFilterString = "(&(objectClass=msDS-PasswordSettings))";

,獲得與當前的密碼最長使用期限的LDAP屬性PSO政策

"msDS-MaximumPasswordAge"

來源

2014-12-17 15:32:43

相關問題

 相關問題