I have scripted WhenPwdX.bat to determine the date and time that a user password expires, the date and time that the password was last set, and the maximum password age.

The output is displayed on the console, but can be redirect to a file, or parsed in a FOR command.

Sample Usage

call whenPwdX DomainName "User Distinguished Name"

Where DomainName is the domain name, like JSIINC.COM, and "User Distinguished Name" is the user's distinguished name, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM".

The output might look like one of the following:

                              05/02/2005 14:47:17 03/21/2005 14:47:17 42.94967296                              NEVER NEVER 07/01/2004 16:07:12 42.94967296
You can redirect the output to a file using:

call whenPwdX DomainName "User Distinguished Name">>FileName

You can parse the output using a FOR command using:

FOR /f "Tokens=1-5" %%a in ('call whenPwdX DomainName "User Distinguished Name"') do (                                set DateEXP=%%a                                set TimeEXP=%%b                                set DateSET=%%c                                set TimeSET=%%d                                set Days=%%e                                . . .                                . . .                              )
WhenPwdX.bat contains:
                              @echo off                              If \{%2\}==\{\} @echo Syntax: WhenPwdX DomainName UserDistinguishedName&goto :EOF                              setlocal                              set oDomain=%1                              set oUser=%2                              if exist "%TEMP%\WhenPwdX.vbs" goto doit                              @echo Dim oDomain, oUser, maxPwdAge, numDays, objArguments>"%TEMP%\WhenPwdX.vbs"                              @echo Set objArguments = Wscript.Arguments>>"%TEMP%\WhenPwdX.vbs"                              @echo strDomainDN=objArguments^(0^)>>"%TEMP%\WhenPwdX.vbs"                              @echo strUserDN = strDomainDN ^& "/" ^& objArguments^(1^)>>"%TEMP%\WhenPwdX.vbs"                              @echo Set oDomain = GetObject^("LDAP://" ^& strDomainDN^)>>"%TEMP%\WhenPwdX.vbs"                              @echo Set maxPwdAge = oDomain.Get^("maxPwdAge"^)>>"%TEMP%\WhenPwdX.vbs"                              @echo numDays = CCur^(^(maxPwdAge.HighPart * 2 ^^ 32^) + _>>"%TEMP%\WhenPwdX.vbs"                              @echo maxPwdAge.LowPart^) / CCur^(-864000000000^)>>"%TEMP%\WhenPwdX.vbs"                              @echo Set oUser = GetObject^("LDAP://" ^& strUserDN^)>>"%TEMP%\WhenPwdX.vbs"                              @echo OK= oUser.userAccountControl AND 65536>>"%TEMP%\WhenPwdX.vbs"                              @echo whenPasswordExpires = DateAdd^("d", numDays, oUser.PasswordLastChanged^)>>"%TEMP%\WhenPwdX.vbs"                              @echo if OK = 65536 Then>>"%TEMP%\WhenPwdX.vbs"                              @echo  WhenPasswordExpires = "NEVER NEVER">>"%TEMP%\WhenPwdX.vbs"                              @echo End If>>"%TEMP%\WhenPwdX.vbs"                              @echo WScript.Echo whenPasswordExpires ^& " " ^& oUser.PasswordLastChanged ^& " " ^& numDays>>"%TEMP%\WhenPwdX.vbs"                              @echo Set oUser = Nothing>>"%TEMP%\WhenPwdX.vbs"                              @echo Set maxPwdAge = Nothing>>"%TEMP%\WhenPwdX.vbs"                              @echo Set oDomain = Nothing>>"%TEMP%\WhenPwdX.vbs"                              :doit                              cscript //nologo "%TEMP%\WhenPwdX.vbs" %oDomain% %oUser%                              endlocal