Obtaining the Date a Password Expires
Based on the previous subtasks, we can now calculate the date and time a user's
password will expire. Listing 4,
WhenPwdExpires.js, is a script that takes a user account name as a command-line
argument and displays when that account's password will expire. I decided to
use JScript because the JScript Date object stores all date and time values
as a number of milliseconds, in Coordinated Universal Time (aka UTC or GMT),
since midnight, January 1, 1970. For illustration purposes, I wrote an equivalent
VBScript version, Web Listing 4,
which you can download from the Windows Scripting Solutions Web site. If you
run both versions, you'll notice that the VBScript version can report different
expiration times than the JScript version because VBScript date calculations
are not locale-independent.
WhenPwdExpires.js uses a single command-line argument: a username. It uses
the technique in this article's first Q&A ("Using a Logon to Determine a Distinguished Name," InstantDoc ID 94255) to determine the user's AD distinguished
name (DN). If the user doesn't exist, the script returns an error message and exits.
Next, the script checks to see whether the user's password expires by
using the technique I describe in subtask 1. If the user's password doesn't
expire, the script returns a message to that effect and exits.
After performing subtask 1, the script uses the technique in subtask 2 to determine
the current domain's maximum password age. (Note that this script calculates
the maximum password age for only the current domain, so the script won't work
correctly if you specify a user in a different domain and the other domain has
a different maximum password age than the current domain.) If the current domain's maximum password age is zero, the script returns a message that domain passwords
don't expire and exits.
The script then uses the technique in subtask 3 to read the date and time the
user's password was last set. If the password hasn't been set, the script returns
this fact and exits.
Calculating the Expiration Date
At this point, the script has determined that the user's password expires, the
number of days a password is valid, and the date and time the password was last
set. We can now use the following formula to determine the password's expiration
date:
expiration date = date and time password was last set + domain's maximum password age
Callout A in Listing 4 shows how
the script performs the calculation, but I need to explain a bit how JScript
Date objects work. When you create a Date object, you can initialize it with
the number of milliseconds since midnight, January 1, 1970 UTC, which represents
the date and time you want to use. The Date object's getTime method returns
its millisecond representation. The domain's maximum password age is a number
of days, so the script needs to convert this number into milliseconds (i.e.,
days × 86,400 × 1000) before adding it to the millisecond value of the date and
time the password was last set. The result is a new Date object that contains the date
and time the password expires.
Finally, the script creates a new Date object containing the current date and
time. If the current date and time is less than the expiration date, the password
has not yet expired, and the script uses the toLocaleString method of the Date
object to return a locale-adjusted string representation of the password's expiration
date; otherwise, it just reports that the password has expired.
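The decision flow and the millisecond arithmetic described above, as an added example that is not Listing 4 or any code from the article. It is written for a current JavaScript engine such as Node.js rather than Windows Script Host, it takes the three subtask results as plain arguments instead of reading them from AD, and the function name, status strings, and sample values are assumptions constructed for illustration.

```javascript
// Added example, not Listing 4. Names and status strings are hypothetical.
const MS_PER_DAY = 86400 * 1000; // days x 86,400 x 1000, as in the article

// Decide a password's state from the three subtask results.
//   neverExpires - subtask 1: the account's password is set not to expire
//   maxAgeDays   - subtask 2: domain maximum password age in days (0 = no expiry)
//   lastSet      - subtask 3: Date the password was last set, or null if not set
//   now          - current time, passed in so the result is reproducible
function whenPwdExpires(neverExpires, maxAgeDays, lastSet, now) {
  if (neverExpires) return { status: "never-expires" };
  if (maxAgeDays === 0) return { status: "domain-no-expiry" };
  if (lastSet === null) return { status: "not-set" };
  // getTime() is milliseconds since midnight, January 1, 1970 UTC, so adding
  // whole days in milliseconds does not depend on time zone or locale.
  const expires = new Date(lastSet.getTime() + maxAgeDays * MS_PER_DAY);
  // "Less than the expiration date" means still valid; equal counts as expired.
  const status = now.getTime() < expires.getTime() ? "valid" : "expired";
  return { status, expires };
}

// Constructed sample data: 42-day policy, password set 1 March 2007 09:30 UTC.
const sampleLastSet = new Date(Date.UTC(2007, 2, 1, 9, 30, 0));
const sampleCases = [
  ["flagged never-expires", whenPwdExpires(true, 42, sampleLastSet, new Date(Date.UTC(2007, 3, 1)))],
  ["domain max age is zero", whenPwdExpires(false, 0, sampleLastSet, new Date(Date.UTC(2007, 3, 1)))],
  ["password not set", whenPwdExpires(false, 42, null, new Date(Date.UTC(2007, 3, 1)))],
  ["checked on 1 April", whenPwdExpires(false, 42, sampleLastSet, new Date(Date.UTC(2007, 3, 1)))],
  ["checked on 1 May", whenPwdExpires(false, 42, sampleLastSet, new Date(Date.UTC(2007, 4, 1)))],
];

for (const [label, result] of sampleCases) {
  // Like the script, show a locale-adjusted date only while the password is valid.
  const detail = result.status === "valid" ? " until " + result.expires.toLocaleString() : "";
  console.log(label + ": " + result.status + detail);
}
```
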