{"id":69463,"date":"2005-07-05T20:58:00","date_gmt":"2005-07-05T20:58:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2005\/07\/05\/how-can-i-determine-when-a-user-last-changed-his-or-her-password\/"},"modified":"2005-07-05T20:58:00","modified_gmt":"2005-07-05T20:58:00","slug":"how-can-i-determine-when-a-user-last-changed-his-or-her-password","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-determine-when-a-user-last-changed-his-or-her-password\/","title":{"rendered":"How Can I Determine When a User Last Changed His or Her Password?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I determine when a user last changed his or her password?

— MG<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, MG. A long time ago one of the Scripting Guys worked at a local university. In one of the departments there it was easy to determine when a user last changed his or her password: that\u2019s because the administrative assistant kept a list of all the users in the department, all their passwords, and the dates and times when those passwords were changed. Best of all, she kept that list in a folder out on her desk; that way if anyone ever forgot their password they could just grab the folder and look up their password. <\/P>\n

And, yes, anyone else\u2019s password as well.<\/P>\n

So that\u2019s one<\/I> way to determine the last time a user changed his or her password. But here\u2019s another way:<\/P>

Set objUser = GetObject(“LDAP:\/\/CN=myerken,OU=management,DC=Fabrikam,DC=com”)\nWscript.Echo “Password last changed: ” & objUser.PasswordLastChanged\n<\/PRE>\n
Yes, that is<\/I> the entire script; this isn\u2019t one of those Web sites where we just show you the beginning of something and then make you pay to see the rest. (Although now that we think about it\u2026.) If we want to know the last time Ken Myer changed his password we just need to do two things:<\/P>\n\n\n\n\n
\u2022<\/TD>\n\n
Bind to Ken\u2019s user account in Active Directory.<\/P><\/TD><\/TR>\n
\u2022<\/TD>\n\n
Echo the value of the PasswordLastChanged <\/B>attribute.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
That\u2019s all you have to do. Really.<\/P>\n
Of course, we\u2019re assuming that you\u2019re talking about an Active Directory user account; it\u2019s quite possible that you\u2019re talking about a Windows NT 4.0 user account, or even a local user account. If so, we appear to have a bit of a problem; after all, you need to use the WinNT provider to access NT 4.0 or local user accounts, and the WinNT provider does not support the PasswordLastChanged attribute. <\/P>\n
So does that mean we\u2019re out of luck when it comes to NT 4.0 or local user accounts? Ah, you guys should know us better than that:<\/P>
strComputer = “atl-ws-01”<\/p>\n
Set objUser = GetObject(“WinNT:\/\/” & strComputer & “\/kenmyer”)<\/p>\n
intPasswordAge = objUser.PasswordAge\nintPasswordAge = intPasswordAge * -1 \ndtmChangeDate = DateAdd(“s”, intPasswordAge, Now)<\/p>\n
WScript.Echo “Password last changed: ” & dtmChangeDate\n<\/PRE>\n
As you can see, this script is a tiny bit longer, but still pretty simple. We begin by connecting to the Ken Myer account (username kenmyer<\/B>) on the computer atl-ws-01. (What if you wanted to connect to an NT 4.0 domain instead? That\u2019s fine; just replace the value atl-ws-01<\/B> with the name of that domain.) We then grab the value of the PasswordAge<\/B> attribute and store it in a variable named intPasswordAge.<\/P>\n
How come we don\u2019t just echo the value of PasswordAge? Well, PasswordAge actually represents the number of seconds that have expired since the password last changed. Suppose you get back an answer like this:<\/P>
50725249\n<\/PRE>\n
Off the top of your head, can you subtract 50725249 seconds from the current date and time and calculate when the password was last changed?<\/P>\n
Really? Wow; that\u2019s impressive. We couldn\u2019t do that ourselves, however, so we let the script do it for us. To begin with, we took the value of intPasswordAge and multiplied it by -1:<\/P>
intPasswordAge = intPasswordAge * -1\n<\/PRE>\n
Why? Well, in the very next line of code we\u2019re going to use the DateAdd<\/B> function to determine the date the password was last set. To do that, we need to pass DateAdd three parameters:<\/P>\n\n\n\n\n\n
\u2022<\/TD>\n\n
The time interval we\u2019re dealing with. Because PasswordAge is stored in seconds we use \u201cs\u201d<\/B> as our first parameter.<\/P><\/TD><\/TR>\n
\u2022<\/TD>\n\n
The number of seconds to add to the current date. This is why we multiplied intPasswordAge by -1. We don\u2019t really want to add<\/I> intPasswordAge to the current date; that would give us a time somewhere out in the future. Instead, we want to subtract<\/I> intPasswordAge from the current date; after all, intPasswordAge is the number of seconds that have elapsed since the password was last changed. Because adding a negative number is the same thing as subtracting a positive number, we multiply intPasswordAge by -1.<\/P><\/TD><\/TR>\n
\u2022<\/TD>\n\n
The current date and time. For that we use the VBScript function Now<\/B>.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
That\u2019s it; the result of our equation is stored in the variable dtmChangeDate, and in the last line of code we echo the value of that variable. At the time we created and tested this script it told us the password was last changed on 11\/22\/2003 at 12:02:10 PM. (It also told us that we don\u2019t do a very good job of keeping our local user account passwords up to date.)<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I determine when a user last changed his or her password?— MG Hey, MG. A long time ago one of the Scripting Guys worked at a local university. In one of the departments there it was easy to determine when a user last changed his or her password: that\u2019s because […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,23,24,3,20,5],"class_list":["post-69463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-local-accounts-and-windows-nt-4-0-accounts","tag-other-directory-services","tag-scripting-guy","tag-user-accounts","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I determine when a user last changed his or her password?— MG Hey, MG. A long time ago one of the Scripting Guys worked at a local university. In one of the departments there it was easy to determine when a user last changed his or her password: that\u2019s because […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/69463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=69463"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/69463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=69463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=69463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=69463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}