So the other day I was asked by our IT Helpdesk if I could send them an alert when a VIP user's password is close to expiring so that they could pro-actively go through the laborious process of changing the password on multiple devices (a topic for another day)
Since it took me a bit of time to get it right, I thought I would share the search I used so that it might help someone else as well.
If you spot errors (which is quite easy when trying to work with Active Directory timestamps), let me know so we can fix it for everyone.
The search uses "ldapsearch" of course, which is yet again a topic for another day, and assumes that your password expiry is set to 30 days and you want to be warned 5 days before it expires.
It looks like this:
| ldapsearch domain=DOMAIN search="&(objectCategory=user)(|(sAMAccountName="user1")(sAMAccountName="user2"))"
| eval pwd=strptime(pwdLastSet,"%Y/%m/%d %T")
| eval pwdExpires=pwd+(30*86400)
| eval pwdAge=round((now()-pwd)/86400,0)
| convert timeformat="%Y/%m/%d %H:%M:%S" ctime(pwdExpires) as pwdExpires
| table cn,description,userAccountControl,sAMAccountName,pwdLastSet,pwdExpires,pwdAge
| sort pwdExpires
| where pwdAge > 25
Thursday 1 May 2014
Subscribe to:
Posts (Atom)
-
So the other day I was asked by our IT Helpdesk if I could send them an alert when a VIP user's password is close to expiring so that th...
-
Prerequisites: This guide assumes you have setup a clean Ubuntu Server 12.04 image with only SSH installed Let's get started: # sud... -
Like most people out there, I have tried to install Metasploit and Armitage using other blog posts first and found that the process failed...