[Samba] How to get password expiration?

mathias dufresne infractory at gmail.com
Fri Feb 3 15:38:12 UTC 2017


you can ask ldapsearch to filter for you rather than using grep.

Just add "PwdLastSet" (no matter the case) after your ldapsearch :

ldapsearch -h ad.mydomain.tld -b 'dc=ad,dc=mydomain,dc=tld' -D
'*@ad.mydomain.tld' -U myusername PwdLastSet

This will retrieve only DN + asked attributes.

Not all user have a password set so they should have a PwdLastSet. Anyway
you don't care they are not real user touching keyboards and making
mistakes. And you only want to display that information to real user making
real mistakes : )

2017-02-03 15:44 GMT+01:00 Jeff Sadowski via samba <samba at lists.samba.org>:

> This seems to work for maxPwdAge
> ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
> maxPwdAge
> now I just need to query a users pwdLastSetq
> I tried the commands above but am not getting anything. I tried looking at
> the ungrepped output but I don't see how to link the pwdLastSet with any
> user. I get a long list.
> I think I'm looking for dn: and a matching pwdLastSet? So I tried the
> command bellow but I don't see anything that looks like users.
> ldapsearch -h ad.mydomain.tld -b 'dc=ad,dc=mydomain,dc=tld' -D
> '*@ad.mydomain.tld' -U myusername|grep -e "^pwdLastSet:" -e "^dn:"|less
> gives me as follows
> dn: DC=ad,DC=mydomain,DC=tld
> dn: CN=Computers,DC=ad,DC=mydomain,DC=tld
> dn: CN=AD2,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
> pwdLastSet: 129912036833708410
> dn: CN=DC1,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
> pwdLastSet: 131292041205350825
> dn: OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
> dn: CN=DC2,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
> pwdLastSet: 131300093694348218
> dn: CN=OMEGA,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
> pwdLastSet: 129908837104473721
> dn: CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=RID Manager$,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=Users,DC=ad,DC=mydomain,DC=tld
> dn: CN=LostAndFound,DC=ad,DC=mydomain,DC=tld
> dn: CN=Infrastructure,DC=ad,DC=mydomain,DC=tld
> dn: CN=ForeignSecurityPrincipals,DC=ad,DC=mydomain,DC=tld
> dn: CN=Program Data,DC=ad,DC=mydomain,DC=tld
> dn: CN=Microsoft,CN=Program Data,DC=ad,DC=mydomain,DC=tld
> dn: CN=NTDS Quotas,DC=ad,DC=mydomain,DC=tld
> dn: CN=Managed Service Accounts,DC=ad,DC=mydomain,DC=tld
> dn: CN=WinsockServices,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=RpcServices,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=Default Domain Policy,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=AppCategories,CN=Default Domain
> Policy,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=Meetings,CN=System,DC=ad,DC=mydomain,DC=tld
> dn: CN=Policies,CN=System,DC=ad,DC=mydomain,DC=tld
> ...
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list