Web lists-archives.com

Re: [Samba] How to get password expiration?




On Tue, 7 Feb 2017 11:30:52 -0700
Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:

> figured out how to use ldapsearch also to get what I want.
> Also found how to convert AD time to unix time
> Another thing I wanted calculated was when an account expires.
> 
> ldapsearch -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
> "(sAMAccountName=$user)"
> 
> gives all the good information about a user.
> 
> here is how I used it to tell me all accounts expiring this next
> month.
> 
> h=ad.mydomain.tld
> b=dc=ad,dc=mydomain,dc=tld
> q=accountExpires
> for user in $(wbinfo -u);do
> accountExpires=$(ldapsearch -h $h -b $b "(sAMAccountName=$user)" $q
> 2>/dev/null | grep "^$q" | awk '{print $2}')
> if [ "$(echo ${accountExpires}|wc -c)" -gt 7 ];then
>  #microsoft uses 100 nanosecond increments so I remove the last 7
> digits to get seconds
>  #microsoft's epoch is jan 1 1601 so I subtract 11644430400 seconds
> to make it unit time
>  act_exp=$(expr ${accountExpires::-7} - 11644430400)
>  days=$(expr $(expr $act_exp - `date "+%s"`) / 86400)
>  if [ "$days" -lt 30 ] && [ "$days" -gt 0 ];then
>   echo $user expires in $days days
>  fi
> fi
> done

Hmm, accountExpires != msDS-UserPasswordExpiryTimeComputed

And from my internet investigations:

unixtimestamp=$((($WindowsTimeStamp/10000000)-11676009600))

and to turn that into number of days:

DAYS=$((($unixtimestamp - $DATE) / 3600 / 24))

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba