[Samba] How to get password expiration?
Rowland Penny
rpenny at samba.org
Tue Feb 7 18:44:33 UTC 2017
On Tue, 7 Feb 2017 11:30:52 -0700
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> figured out how to use ldapsearch also to get what I want.
> Also found how to convert AD time to unix time
> Another thing I wanted calculated was when an account expires.
>
> ldapsearch -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
> "(sAMAccountName=$user)"
>
> gives all the good information about a user.
>
> here is how I used it to tell me all accounts expiring this next
> month.
>
> h=ad.mydomain.tld
> b=dc=ad,dc=mydomain,dc=tld
> q=accountExpires
> for user in $(wbinfo -u);do
> accountExpires=$(ldapsearch -h $h -b $b "(sAMAccountName=$user)" $q
> 2>/dev/null | grep "^$q" | awk '{print $2}')
> if [ "$(echo ${accountExpires}|wc -c)" -gt 7 ];then
> #microsoft uses 100 nanosecond increments so I remove the last 7
> digits to get seconds
> #microsoft's epoch is jan 1 1601 so I subtract 11644430400 seconds
> to make it unit time
> act_exp=$(expr ${accountExpires::-7} - 11644430400)
> days=$(expr $(expr $act_exp - `date "+%s"`) / 86400)
> if [ "$days" -lt 30 ] && [ "$days" -gt 0 ];then
> echo $user expires in $days days
> fi
> fi
> done
Hmm, accountExpires != msDS-UserPasswordExpiryTimeComputed
And from my internet investigations:
unixtimestamp=$((($WindowsTimeStamp/10000000)-11676009600))
and to turn that into number of days:
DAYS=$((($unixtimestamp - $DATE) / 3600 / 24))
Rowland
More information about the samba
mailing list