A. The last-password-change date is stored in the user class's Active Directory (AD) pwdLastSet attribute as a large (64-bit) integer, which means the date must be converted so that it can be read and displayed in a usable "date" format. To perform the conversion, I modified a script by Richard Mueller so that it searches for all users in the passed root distinguished name and outputs their last-password-change date to a screen. You can download the script, listuserpasslastchange.vbs, or copy and paste the following script into a text file.

' John Savill                              ' This is based on Richard Mueller's script on Interger8Date                              ' conversion, which is copyrighted as below.                              ' Copyright (c) 2003 Richard L. Mueller                              ' Hilltop Lab Web site - http://www.rlmueller.net                              '                              ' I simply changed it to output all objects in a passed DN.                              Option Explicit                              Dim strLdapPath, objConnection, objChild                              Dim lngTZBias, objUser, objPwdLastSet                              Dim objShell, lngBiasKey, k                              ' Check that all required arguments have been passed                              If Wscript.Arguments.Count  0 Then                                  On Error GoTo 0                                  Integer8Date = #1/1/1601#                                End If                                On Error GoTo 0                              End Function

To run the script, use the syntax

cscript listuserpasslastchange.vbs ou=test,dc=demo,dc=test

You'll see output that's similar to this:

CN=Bruce Wayne       11/17/2003 1:30:14 PM                              CN=Clark Kent        11/17/2003 1:31:30 PM                              CN=Hal Jordan        12/6/2004 2:52:56 PM                              CN=Wally West        3/17/2003 9:04:45 AM