[Samba] How to get password expiration?

Jeff Sadowski jeff.sadowski at gmail.com
Fri Feb 3 14:44:39 UTC 2017 

This seems to work for maxPwdAge

ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
maxPwdAge

now I just need to query a users pwdLastSetq
I tried the commands above but am not getting anything. I tried looking at
the ungrepped output but I don't see how to link the pwdLastSet with any
user. I get a long list.
I think I'm looking for dn: and a matching pwdLastSet? So I tried the
command bellow but I don't see anything that looks like users.


ldapsearch -h ad.mydomain.tld -b 'dc=ad,dc=mydomain,dc=tld' -D
'*@ad.mydomain.tld' -U myusername|grep -e "^pwdLastSet:" -e "^dn:"|less
gives me as follows

dn: DC=ad,DC=mydomain,DC=tld
dn: CN=Computers,DC=ad,DC=mydomain,DC=tld
dn: CN=AD2,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
pwdLastSet: 129912036833708410
dn: CN=DC1,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
pwdLastSet: 131292041205350825
dn: OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
dn: CN=DC2,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
pwdLastSet: 131300093694348218
dn: CN=OMEGA,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
pwdLastSet: 129908837104473721
dn: CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=RID Manager$,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=Users,DC=ad,DC=mydomain,DC=tld
dn: CN=LostAndFound,DC=ad,DC=mydomain,DC=tld
dn: CN=Infrastructure,DC=ad,DC=mydomain,DC=tld
dn: CN=ForeignSecurityPrincipals,DC=ad,DC=mydomain,DC=tld
dn: CN=Program Data,DC=ad,DC=mydomain,DC=tld
dn: CN=Microsoft,CN=Program Data,DC=ad,DC=mydomain,DC=tld
dn: CN=NTDS Quotas,DC=ad,DC=mydomain,DC=tld
dn: CN=Managed Service Accounts,DC=ad,DC=mydomain,DC=tld
dn: CN=WinsockServices,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=RpcServices,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=Default Domain Policy,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=AppCategories,CN=Default Domain
Policy,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=Meetings,CN=System,DC=ad,DC=mydomain,DC=tld
dn: CN=Policies,CN=System,DC=ad,DC=mydomain,DC=tld
...

More information about the samba mailing list