VBScript program demonstrating how to use ADO to find all user accounts where the password will expire within a specified number of days in the future. The program does not retrieve users whose password has already expired. The program also does not retrieve users whose password does not expire, whose password cannot change, where the user is not required to have a password, or where the account is disabled.

The program uses the domain maximum password age policy and the value of the pwdLastSet attribute of the users to determine when the passwords expire. Do not use this program if you use the fine-grained password policies feature of Windows Server 2008 and above. This program assumes the same password policy applies to all users.

The program filters on users where the pwdLastSet attribute corresponds to dates in the past such that the password will expire in the specified range. This requires converting the critical dates into the corresponding Integer8 values. For the users retrieved, the program uses the pwdLastSet attribute value to determine when the password will actually expire, in the time zone of the local computer.

For each user account found the program sends an email message to the user. The program uses the value of the "mail" attribute of the user object, which corresponds to the field "E-mail" on the "General" tab of ADUC. If this attribute does not have a value, the program uses the "proxyAddresses" attribute. This multi-valued attribute is used by Exchange to specify email addresses. This program uses the "primary" address of the user, which is the value which has either "SMTP:" or "X400:" as the prefix, in upper case. There can be only one "primary" email address in the collection. All other values have all lower case prefixes.

PwdExpires.txt <<-- Click here to view or download the program

Next is a similar PowerShell script that retrieves all users whose passwords will expire within the specified number of days. An email function has been added, so the program is identical to the first.

PSPwdExpires.txt <<-- Click here to view or download the program