Script Repository


Save password expiration date to text attribute

March 01, 2016
1296

Starting from Windows Server 2008, you can use the value of the msDS-UserPasswordExpiryTimeComputed attribute to check when a user or computer password expires. The attribute stores the date as a Large Integer. You can use the below script in Business Rules, Custom Commands and Scheduled Tasks to convert the value of the attribute to a human-readable form and save it to a certain text attribute to be able to display the password expiration date to users. For example, you can create a Scheduled Task to update user or computer accounts with actual password expiration dates on a regular basis.

Note: To view when a user's password expires, you can also use the Password Expiration Date field when viewing user properties in the Web Interface, and also on the Account tab of the dialog used to display user properties in the Administration Console. To calculate an expiration date to be displayed in the Password Expiration Date field and on the Account tab, Adaxes needs read access to Password Policies applied in your AD domains. Use the script as a workaround if you cannot provide access to the Password policies.

Parameter:

  • $passwordExpiryTimeAttributeName - specifies the LDAP display name of the attribute that will be used for storing password expiry dates in human-readable form.

Edit Remove
PowerShell
$psswordExpiryTimeAttributeName = "adm-CustomAttributeText1" # TODO: modify me

# Get the computed expiry time
$value = $Context.TargetObject.Get("msDS-UserPasswordExpiryTimeComputed")    

switch ($value)
{
    "9223372036854775807"
    {
        $value = "never"
    }
    "0"
    {
        $value = "unspecified"
    }
    default
    {
        $value = [DateTime]::FromFiletime([Int64]::Parse($value))
    }
}

# Update the user
$Context.TargetObject.Put($psswordExpiryTimeAttributeName, $value)
$Context.TargetObject.SetInfo()

Comments ( 0 )
No results found.
Leave a comment