Here you go, courtesy of Robbie Allen, 
http://www.rallenhome.com/

Regards, 

Jose 
------------------------------------------------------------------
' This code displays the current settings for the password 
' and account lockout policies.
' ---------------------------------------------------------------
' From the book "Windows Server Cookbook" by Robbie Allen
' Publisher: O'Reilly Media
' ISBN: 0-596-00633-0
' Book web site: http://rallenhome.com/books/winsckbk/code.html
' ---------------------------------------------------------------

' ------ SCRIPT CONFIGURATION ------
strDomain = "<DomainDN>"   ' e.g. rallencorp.com
' ------ END CONFIGURATION ---------
set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
set objDomain  = GetObject("LDAP://" & _
                           objRootDSE.Get("defaultNamingContext") )

' Hash containing the domain password and lockout policy attributes
' as keys and the units (e.g. minutes) as the values 
set objDomAttrHash = CreateObject("Scripting.Dictionary")
objDomAttrHash.Add "lockoutDuration", "minutes"
objDomAttrHash.Add "lockoutThreshold", "attempts"
objDomAttrHash.Add "lockoutObservationWindow", "minutes"
objDomAttrHash.Add "maxPwdAge", "minutes"
objDomAttrHash.Add "minPwdAge", "minutes"
objDomAttrHash.Add "minPwdLength", "characters"
objDomAttrHash.Add "pwdHistoryLength", "remembered"
objDomAttrHash.Add "pwdProperties", " "

' Iterate over each attribute and print it
for each strAttr in objDomAttrHash.Keys
   if IsObject( objDomain.Get(strAttr) ) then
      set objLargeInt = objDomain.Get(strAttr)
      if objLargeInt.LowPart = 0 then
         value = 0
      else
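         ' LowPart comes back as a signed 32-bit value; correct it when negative
         lngLow = objLargeInt.LowPart
         if lngLow < 0 then lngLow = lngLow + 2^32
         value = Abs(objLargeInt.HighPart * 2^32 + lngLow)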
         value = int ( value / 10000000 )
         value = int ( value / 60 )
      end if
   else 
      value = objDomain.Get(strAttr)
   end if
   WScript.Echo strAttr & " = " & value & " " & objDomAttrHash(strAttr)
next

'Constants from DOMAIN_PASSWORD_INFORMATION
Set objDomPassHash = CreateObject("Scripting.Dictionary")
objDomPassHash.Add "DOMAIN_PASSWORD_COMPLEX", &h1
objDomPassHash.Add "DOMAIN_PASSWORD_NO_ANON_CHANGE", &h2
objDomPassHash.Add "DOMAIN_PASSWORD_NO_CLEAR_CHANGE", &h4
objDomPassHash.Add "DOMAIN_LOCKOUT_ADMINS", &h8
' The flag values are hexadecimal bit masks: decimal 16 is &h10, decimal 32 is &h20
objDomPassHash.Add "DOMAIN_PASSWORD_STORE_CLEARTEXT", &h10
objDomPassHash.Add "DOMAIN_REFUSE_PASSWORD_CHANGE", &h20

' The PwdProperties attribute requires special processing because 
' it is a flag that holds multiple settings.
for each strFlag In objDomPassHash.Keys
  if objDomPassHash(strFlag) and objDomain.Get("PwdProperties") then 
    WScript.Echo "  " & strFlag & " is enabled"
  else
    WScript.Echo "  " & strFlag & " is disabled"
  end If
next
--------------------------------------------------------------------
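
The same decoding done on raw attribute values, as an added example in Python (not part of the original post or of the book's code). It assumes the domain object's attributes were exported as decimal strings, for instance with ldifde or ldapsearch; the function names and the sample values are made up for illustration.

```python
# Added example; every sample value below is constructed for illustration.

# DOMAIN_PASSWORD_INFORMATION flags: one bit each, written in hexadecimal
# (0x10 is decimal 16 and 0x20 is decimal 32).
PWD_FLAGS = {
    0x01: "DOMAIN_PASSWORD_COMPLEX",
    0x02: "DOMAIN_PASSWORD_NO_ANON_CHANGE",
    0x04: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
    0x08: "DOMAIN_LOCKOUT_ADMINS",
    0x10: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
    0x20: "DOMAIN_REFUSE_PASSWORD_CHANGE",
}
INTERVAL_ATTRS = ("lockoutDuration", "lockoutObservationWindow",
                  "maxPwdAge", "minPwdAge")

def interval_to_minutes(raw):
    """Convert a 64-bit interval in 100-nanosecond units to whole minutes."""
    return abs(int(raw)) // 10_000_000 // 60

def decode_pwd_properties(raw):
    """Return the names of the flags whose bit is set in pwdProperties."""
    value = int(raw)
    return [name for bit, name in PWD_FLAGS.items() if value & bit]

def review_policy(attrs):
    """Decode the policy and list settings worth a second look."""
    minutes = {a: interval_to_minutes(attrs[a]) for a in INTERVAL_ATTRS}
    flags = decode_pwd_properties(attrs["pwdProperties"])
    findings = []
    if int(attrs["lockoutThreshold"]) == 0:
        findings.append("account lockout is disabled (lockoutThreshold = 0)")
    if "DOMAIN_PASSWORD_COMPLEX" not in flags:
        findings.append("password complexity is not enforced")
    if "DOMAIN_PASSWORD_STORE_CLEARTEXT" in flags:
        findings.append("reversible (cleartext) password storage is enabled")
    return minutes, flags, findings

# Constructed sample, in the decimal-string form an LDAP export produces
SAMPLE = {
    "lockoutDuration": "-18000000000",           # 30 minutes
    "lockoutObservationWindow": "-18000000000",  # 30 minutes
    "lockoutThreshold": "0",
    "maxPwdAge": "-36288000000000",              # 42 days
    "minPwdAge": "0",
    "pwdProperties": "17",                       # 0x01 | 0x10
}

if __name__ == "__main__":
    minutes, flags, findings = review_policy(SAMPLE)
    print(minutes, flags, *findings, sep="\n")
```
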

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Parker
Sent: Thursday, May 12, 2005 10:01 AM
To: [email protected]
Subject: RE: [ActiveDir] Lockouts


Please forward the script.
I would be very appreciative.

Thank you.

John Parker, MCSE 
IS Admin. 
Senior Technical Specialist 
Alpha Display Systems. 
Alpha Video 
7711 Computer Ave. 
Edina, MN. 55435 

952-896-9898 Local 
800-388-0008 Watts 
952-896-9899 Fax 
612-804-8769 Cell 
952-841-3327 Direct 
[EMAIL PROTECTED] 
"Be excellent to each other" 
---End of Line--- 



-----Original Message-----
From: Medeiros, Jose [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 11:54 AM
To: [email protected]
Subject: RE: [ActiveDir] Lockouts


Hi John, 

Try using the usrstat.exe tool out of the NT4 or 2000 resource kit and pipe the 
output to a text file. Or you can use a complex VB script to do the same thing.
I can forward you the VB script if that's what you prefer.

Sincerely, 

Jose Medeiros
MCP+I, MCSE, NT4 MCT
www.ntea.net
www.tvnug.org
www.sfntug.org


------------------------------------------------------


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Parker
Sent: Thursday, May 12, 2005 9:40 AM
To: [email protected]
Subject: [ActiveDir] Lockouts


Hello all...

I am running Active Directory on a 2000 Server fully spacked.
I have users (Random) getting locked out frequently.
While I am searching for reasons as to why this is happening,
I am curious if there are any tools that will show me my user's status.
I am using MS's account lockout tool, but it only shows me one user at a time.
I would like to see all at once.

Any tools like that out there?
Anyone experienced this?
I can find nothing of note in my event logs either.

Thanks

John Parker, MCSE 
IS Admin. 
Senior Technical Specialist 
Alpha Display Systems. 
Alpha Video 


NOTICE OF CONFIDENTIALITY
This document and its attachments are intended for the named addressee(s) only. 
They contain information which may be Confidential, privileged and/or exempt 
from disclosure.  Unless you are the named addressee (or authorized to receive 
this document and/or its attachment(s) or its contents on behalf of the 
addressee,) you may not read, copy, use, or disclose the document and/or its 
attachment(s) or its contents. The unauthorized use, copying or disclosure of 
this document and/or its attachment(s) or its contents is strictly prohibited 
and may be unlawful.

Alpha Video and Audio inc. disclaims any responsibility in relation to the 
information in this e-mail message.  No rights can be derived from this 
message. Messages and attachments are not scanned for all known viruses.

If you have received this document and/or its attachment(s) by mistake, please 
notify the sender by telephone immediately at 952-896-9898 or by e-mail at 
[EMAIL PROTECTED] and destroy immediately all physical and/or electronic copies 
of the document and its attachment(s).
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
