[Samba] How to get password expiration?

Jeff Sadowski jeff.sadowski at gmail.com
Wed Feb 8 16:33:54 UTC 2017 

correction on time offset

11644473600 is what shows the same times for me.

On Tue, Feb 7, 2017 at 4:11 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
wrote:

>
>
> On Tue, Feb 7, 2017 at 3:22 PM, Jeff Sadowski <jeff.sadowski at gmail.com>
> wrote:
>
>>
>>
>> On Tue, Feb 7, 2017 at 11:44 AM, Rowland Penny via samba <
>> samba at lists.samba.org> wrote:
>>
>>> On Tue, 7 Feb 2017 11:30:52 -0700
>>> Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>>>
>>> > figured out how to use ldapsearch also to get what I want.
>>> > Also found how to convert AD time to unix time
>>> > Another thing I wanted calculated was when an account expires.
>>> >
>>> > ldapsearch -h ad.mydomain.tld -b dc=ad,dc=mydomain,dc=tld
>>> > "(sAMAccountName=$user)"
>>> >
>>> > gives all the good information about a user.
>>> >
>>> > here is how I used it to tell me all accounts expiring this next
>>> > month.
>>> >
>>> > h=ad.mydomain.tld
>>> > b=dc=ad,dc=mydomain,dc=tld
>>> > q=accountExpires
>>> > for user in $(wbinfo -u);do
>>> > accountExpires=$(ldapsearch -h $h -b $b "(sAMAccountName=$user)" $q
>>> > 2>/dev/null | grep "^$q" | awk '{print $2}')
>>> > if [ "$(echo ${accountExpires}|wc -c)" -gt 7 ];then
>>> >  #microsoft uses 100 nanosecond increments so I remove the last 7
>>> > digits to get seconds
>>> >  #microsoft's epoch is jan 1 1601 so I subtract 11644430400 seconds
>>> > to make it unit time
>>> >  act_exp=$(expr ${accountExpires::-7} - 11644430400)
>>> >  days=$(expr $(expr $act_exp - `date "+%s"`) / 86400)
>>> >  if [ "$days" -lt 30 ] && [ "$days" -gt 0 ];then
>>> >   echo $user expires in $days days
>>> >  fi
>>> > fi
>>> > done
>>>
>>> Hmm, accountExpires != msDS-UserPasswordExpiryTimeComputed
>>>
>>> And from my internet investigations:
>>>
>>> unixtimestamp=$((($WindowsTimeStamp/10000000)-11676009600))
>>>
>>> $WindowsTimeStamp/10000000
>> is equal to
>> ${WindowsTimeStamp::-7}
>> I don't know what is a more expensive operation catting a string or
>> division(I guessed division was a more expensive operation).
>>
>> 11676009600 doesn't work right. It gives me different times then what net
>> use gives me that is how I got
>> 11644430400 to match what net use gives me
>>
>> I plugged the  unixtimestamp into "date -d @${unixtimestamp}" and
> compared it with "net user %username% /domain" untill they where showing
> the same times for accountExpire.
>
> date
>
>>
>>
>>> and to turn that into number of days:
>>>
>>> DAYS=$((($unixtimestamp - $DATE) / 3600 / 24))
>>>
>> x/3600/24 = x/86400
>>
>>
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>

More information about the samba mailing list