![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
\n \n
Hey, Scripting Guy! How can I get a list of all the users whose passwords never expire? Hey, NW. As you probably know, Internet gambling is illegal in the USA. That\u2019s too bad, because if it wasn\u2019t we\u2019d be willing to bet $10 that the answer to your question will be this: search Active Directory.<\/P>\n And as much as we hate to say \u201cWe told you so,\u201d well, guess what:<\/P> Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand = CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”\nSet objCommand.ActiveConnection = objConnection<\/p>\n objCommand.Properties(“Page Size”) = 1000<\/p>\n objCommand.CommandText = _\n “<LDAP:\/\/dc=fabrikam,dc=com>;” & _\n “(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536));” & _\n “Name;Subtree”\nSet objRecordSet = objCommand.Execute<\/p>\n objRecordSet.MoveFirst\nDo Until objRecordSet.EOF\n Wscript.Echo objRecordSet.Fields(“Name”).Value\n objRecordSet.MoveNext\nLoop\n<\/PRE>\n You\u2019re right: we should have bet way more than $10. What were we thinking<\/I>?<\/P>\n Actually, it\u2019s just as well that we didn\u2019t bet on this. The truth is, we cheated: we had some inside information. After all, any time you\u2019re looking for Active Directory-related stuff the answer is going to be the same: search Active Directory. We knew the answer long before you even asked the question.<\/P>\n What we didn\u2019t<\/I> know, at least in this case, was how to actually conduct our search. We won\u2019t talk too much about the details of writing scripts that search Active Directory; that background information can be found in our two-part Tales from the Script<\/I> article Dude, Where\u2019s My Printer?<\/B><\/A> However, we will take a minute of two to talk about the query we ended up using in order to conduct the search, a query that might look a bit different from the Active Directory queries you\u2019re used to working with: <\/P> If you\u2019re thinking, \u201cWhoa, that doesn\u2019t look like a SQL query to me,\u201d well, there\u2019s a good reason for that: this isn\u2019t<\/I> a SQL query. Instead, this is an example of the LDAP query syntax, a query syntax that can retrieve the same information as a SQL query, albeit in a much more cryptic fashion.<\/P>\n But if that\u2019s the case, then why did we decide to use this weird-looking syntax rather than the more familiar (and more comfortable) SQL query syntax? Well, as it turns out, the property that determines whether or not a password expires (ADS_UF_DONT_EXPIRE_PASSWD) is not a \u201cstand-alone\u201d property; that is, you can\u2019t get at the value using code similar to this:<\/P> Instead, this value is one of several \u201cflags\u201d found in the userAccountControl<\/B> attribute. The userAccountControl attribute is an example of a bitmask attribute, a single attribute that houses multiple property values; this single attribute tells you whether or not a password will expire, whether or not a password has<\/I> expired, whether or not an account is disabled, etc. In this case, if the flag with the value 65536 is switched \u201con,\u201d then the password never expires; if the flag is switched off, then the password does<\/I> expire.<\/P>\n
— NW<\/P>![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")
![\"Script](\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" "\\"Script")
<\/A> \nOn Error Resume Next<\/p>\n
objCommand.CommandText = _\n “<LDAP:\/\/dc=fabrikam,dc=com>;” & _\n “(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536));” & _\n “Name;Subtree”\n<\/PRE>\n
Wscript.Echo objUser.ADS_UF_DONT_EXPIRE_PASSWD\n<\/PRE>\n