[Samba] How to get password expiration?
Jeff Sadowski
jeff.sadowski at gmail.com
Fri Feb 3 17:21:49 UTC 2017
Almost there
Is there a way to query by username?
On Fri, Feb 3, 2017 at 8:38 AM, mathias dufresne <infractory at gmail.com>
wrote:
> Jeff,
>
> you can ask ldapsearch to filter for you rather than using grep.
>
> Just add "PwdLastSet" (no matter the case) after your ldapsearch :
>
> ldapsearch -h ad.mydomain.tld -b 'dc=ad,dc=mydomain,dc=tld' -D
> '*@ad.mydomain.tld' -U myusername PwdLastSet
>
> This will retrieve only DN + asked attributes.
>
> Not all user have a password set so they should have a PwdLastSet. Anyway
> you don't care they are not real user touching keyboards and making
> mistakes. And you only want to display that information to real user making
> real mistakes : )
>
> 2017-02-03 15:44 GMT+01:00 Jeff Sadowski via samba <samba at lists.samba.org>
> :
>
>> This seems to work for maxPwdAge
>>
>> ldapsearch -LLL -Q -s base -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
>> maxPwdAge
>>
>> now I just need to query a users pwdLastSetq
>> I tried the commands above but am not getting anything. I tried looking at
>> the ungrepped output but I don't see how to link the pwdLastSet with any
>> user. I get a long list.
>> I think I'm looking for dn: and a matching pwdLastSet? So I tried the
>> command bellow but I don't see anything that looks like users.
>>
>>
>> ldapsearch -h ad.mydomain.tld -b 'dc=ad,dc=mydomain,dc=tld' -D
>> '*@ad.mydomain.tld' -U myusername|grep -e "^pwdLastSet:" -e "^dn:"|less
>> gives me as follows
>>
>> dn: DC=ad,DC=mydomain,DC=tld
>> dn: CN=Computers,DC=ad,DC=mydomain,DC=tld
>> dn: CN=AD2,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
>> pwdLastSet: 129912036833708410
>> dn: CN=DC1,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
>> pwdLastSet: 131292041205350825
>> dn: OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
>> dn: CN=DC2,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
>> pwdLastSet: 131300093694348218
>> dn: CN=OMEGA,OU=Domain Controllers,DC=ad,DC=mydomain,DC=tld
>> pwdLastSet: 129908837104473721
>> dn: CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=RID Manager$,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Users,DC=ad,DC=mydomain,DC=tld
>> dn: CN=LostAndFound,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Infrastructure,DC=ad,DC=mydomain,DC=tld
>> dn: CN=ForeignSecurityPrincipals,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Program Data,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Microsoft,CN=Program Data,DC=ad,DC=mydomain,DC=tld
>> dn: CN=NTDS Quotas,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Managed Service Accounts,DC=ad,DC=mydomain,DC=tld
>> dn: CN=WinsockServices,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=RpcServices,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=VolumeTable,CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Default Domain Policy,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=AppCategories,CN=Default Domain
>> Policy,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Meetings,CN=System,DC=ad,DC=mydomain,DC=tld
>> dn: CN=Policies,CN=System,DC=ad,DC=mydomain,DC=tld
>> ...
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
More information about the samba
mailing list