' This program scans all users in the Users container and all organizational units ' beneath the HOSTING_OU organizational unit, for users whose passwords have either ' already expired or will expire within DAYS_FOR_EMAIL days. ' ' An email is sent, using CDO, via the SMTP server specified as SMTP_SERVER to the ' user to tell them to change their password. You should change strFrom to match ' the email address of the administrator responsible for password changes. ' ' You will, at a minimum, need to change the SMTP_SERVER, the HOSTING_OU, and the ' STRFROM constants. If you run this on an Exchange server, then SMTP_SERVER can ' be "" - and it may be either an ip address or a resolvable name. ' ' If you don't have an OU containing sub-OU's to scan, then set HOSTING_OU to the ' empty string (""). ' 'Option Explicit ' Per environment constants - you should change these! Const HOSTING_OU = "IIOSOFT Users" Const HOSTING_OU2 = "iio Users" Const SMTP_SERVER = "bj-smtp.IIOSOFT.com" Const STRFROM = "resetpwd@IIOSOFT.com" 'Const aDaysForEmail = Array( 1, 3, 5, 10, 15, 30) ' System Constants - do not change Const ONE_HUNDRED_NANOSECOND = .000000100 ' .000000100 is equal to 10^-7 Const SECONDS_IN_DAY = 86400 Const ADS_UF_DONT_EXPIRE_PASSWD = &h20000 Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D Const ForWriting = 2 Dim objRoot Dim numDays, iResult Dim strDomainDN Dim objContainer, objSub Dim aDaysForEmail(6) aDaysForEmail(1) = 1 aDaysForEmail(2) = 3 aDaysForEmail(3) = 5 aDaysForEmail(4) = 10 aDaysForEmail(5) = 15 aDaysForEmail(6) = 30 ' 存放log到外部文件 -- Jerry ' 从这里开始 'Declare variables Dim strTestMode strTestMode = False 'use for debuging 'Cretae log file Set WshSHell = CreateObject("WScript.Shell") Set objFSO = CreateObject("Scripting.FileSystemObject") strFileName = Replace(Datevalue(Now), "-", "_") strFileName = Replace(strFileName, "/", "_") Public fLog Set oLog = objFSO.OpenTextFile(strFileName & ".txt", ForWriting, TRUE) dp Now dp "" ' 开始运行功能 Set objRoot = GetObject ("LDAP://RootDSE") strDomainDN = objRoot.Get ("defaultNamingContext") Set objRoot = Nothing numdays = GetMaximumPasswordAge (strDomainDN) dp "Maximum Password Age: " & numDays If numDays > 0 Then Set objContainer = GetObject ("LDAP://ou=IIOSOFT Users," & strDomainDN) Call ProcessFolder (objContainer, numDays) Set objContainer = Nothing If Len (HOSTING_OU2) > 0 Then Set objContainer = GetObject ("LDAP://ou=BYS Users,ou=IIOSOFT Users," & strDomainDN)'GetObject ("LDAP://OU=" & HOSTING_OU & "," & strDomainDN) For Each objSub in objContainer Call ProcessFolder (objSub, numDays) Next Set objContainer = Nothing End If End If dp "" dp "The command runs successfully!" dp Now oLog.Close 'Program ending wscript.quit 'WScript.Echo "Done" Function GetMaximumPasswordAge (ByVal strDomainDN) Dim objDomain, objMaxPwdAge Dim dblMaxPwdNano, dblMaxPwdSecs, dblMaxPwdDays Set objDomain = GetObject("LDAP://" & strDomainDN) Set objMaxPWdAge = objDomain.maxPwdAge If objMaxPwdAge.LowPart = 0 And objMaxPwdAge.Highpart = 0 Then ' Maximum password age is set to 0 in the domain ' Therefore, passwords do not expire GetMaximumPasswordAge = 0 Else dblMaxPwdNano = Abs (objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart) dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND dblMaxPwdDays = Int (dblMaxPwdSecs / SECONDS_IN_DAY) GetMaximumPasswordAge = dblMaxPwdDays End If End Function Function UserIsExpired (objUser, iMaxAge, aDaysForEmail, iRes) On Error Resume Next Dim intUserAccountControl, dtmValue, intTimeInterval Dim strName Err.Clear strName = Mid (objUser.Name, 4) intUserAccountControl = objUser.Get ("userAccountControl") If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then dp "The password for " & strName & " does not expire." UserIsExpired = False Else iRes = 0 dtmValue = objUser.PasswordLastChanged If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then UserIsExpired = True dp "The password for " & strName & " has never been set." Else intTimeInterval = Int (Now - dtmValue) dp "The password for " & strName & " was last set on " & _ DateValue(dtmValue) & " at " & TimeValue(dtmValue) & _ " (" & intTimeInterval & " days ago)" If intTimeInterval >= iMaxAge Then dp "The password for " & strName & " has expired." UserIsExpired = True Else iRes = Int ((dtmValue + iMaxAge) - Now) dp "The password for " & strName & " will expire on " & _ DateValue(dtmValue + iMaxAge) & " (" & _ iRes & " days from today)." UserIsExpired = False For i = 1 To UBound(aDaysForEmail) - LBound(aDaysForEmail) If iRes <= aDaysForEmail(i) Then dp strName & " needs an email for password change" UserIsExpired = True Exit For End If Next If Not UserIsExpired Then dp strName & " does not need an email for password change" End If End If End If End If End Function Sub ProcessFolder (objContainer, iMaxPwdAge) Dim objUser, iResult objContainer.Filter = Array ("User") 'Wscript.Echo "Checking company = " & Mid (objContainer.Name, 4) For each objUser in objContainer If Right (objUser.Name, 1) <> "$" Then If IsEmpty (objUser.Mail) Or IsNull (objUser.Mail) Then dp Mid (objUser.Name, 4) & " has no mailbox" Else If UserIsExpired (objUser, iMaxPwdAge, aDaysForEmail, iResult) Then 'WScript.Echo "...sending an email for " & objUser.Mail Call SendEmail (objUser, iResult) Else dp "...don't send an email" End If End If End If Next End Sub Sub SendEmail (objUser, iResult) On Error Resume next Dim objMail Set objMail = CreateObject ("CDO.Message") objMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 objMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTP_SERVER objMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 objMail.Configuration.Fields.Update objMail.From = STRFROM objMail.To = objUser.Mail objMail.Subject = "IIOSOFT Password Expiration Reminder" objMail.Textbody = "The system password for user " & objUser.userPrincipalName & _ " (" & objUser.sAMAccountName & ")" & vbCRLF & _ "will expire in " & iResult & " days. " & vbCRLF & _ "Please change it as soon as possible." & vbCRLF & vbCRLF & _ "Thank you," & vbCRLF & _ "IT administrator" If iResult > 0 Then objMail.htmlbody = " " & VbCrLf & _ "IIOSOFT account management center reminder:
" & VbCrLf & _ " "&objUser.sAMAccountName&" Your password In " & iResult & " later expired, please according to the following methods to make changes:" & vbCRLF & _ "
Please Click Here Change Password? , input your IIOSOFT Acount "&objUser.sAMAccountName&" and old password,then submit the new password.The new password will be effective 5 minutes later after directory synchronization."& VbCrLf & _ "
Note:The system was integrated,mailbox password will also be modified.Because the server requires synchronization update, mailbox password will take effect in 5 minutes."& VbCrLf & _ "
"& vbCRLF & vbCRLF & _ "
IIOSOFT password policy : the user's password period: 180 days, the shortest period : 1 days, the password by at least 8 letters, numbers and characters, but can not use the 5 code of history." & vbCRLF & _ "
If you have any questions, please contact us or call ( resetpwd@IIOSOFT.com) 010 88881111 -2220" & VbCrLf & _ "
"& VbCrLf & vbCRLF & _ " "&objUser.sAMAccountName&" 您的密码将于" & iResult & "日后到期,请按下述方法进行进行更改:" & vbCRLF & _ "
请单击这修改密码? ,IIOSOFT Account "&objUser.sAMAccountName&" ,输入旧密码及新密码提交即可。由于需要进行目录同步,密码将在5分钟后生效." & VbCrLf & _ "
注:系统进行了集成,邮箱密码会同步更新.由于服务需要同步更新,邮箱密码将会在5分钟过后生效."& VbCrLf & _ "
"& VbCrLf & VbCrLf & _ "IIOSOFT密码策略:用户密码周期:180天,最短使用周期:1天,密码由至少8位字母,数字及字符组成,同时不能使用5个历史密码." & vbCRLF & _ "如有疑问,请联系我们(resetpwd@IIOSOFT.com) 或致电010 88881111 转 2220" & VbCrLf & _ ""& VbCrLf & VbCrLf & _ "
Thank you," & VbCrLf & _ "
xx科技账号管理中心" & _ "" & VbCrLf & _ "" Else objMail.htmlbody = " " & VbCrLf & _ "IIOSOFT account management center reminder:
" & VbCrLf & _ " "&objUser.sAMAccountName&" Your password Had expired , please according to the following methods to make changes:" & vbCRLF & _ "
Please Click Here Forgot Password? , input your ID Code "&objUser.sAMAccountName&" and old password,then submit the new password.The new password will be effective 5 minutes later after directory synchronization."& VbCrLf & _ "
Note:The system was integrated,mailbox password will also be modified.Because the server requires synchronization update, mailbox password will take effect in 5 minutes."& VbCrLf & _ "
"& vbCRLF & VbCrLf & _ "
IIOSOFT password policy : the user's password period: 180 days, the shortest period : 1 days, the password by at least 8 letters, numbers and characters, but can not use the 5 code of history." & vbCRLF & _ "
If you have any questions, please contact us or call ( resetpwd@IIOSOFT.com) 010 88881111 -2220" & VbCrLf & _ "
"& VbCrLf & vbCRLF & _ " "&objUser.sAMAccountName&" 您的密码已经过期,请通过以下方法进行进行更改:" & VbCrLf & _ "
请单击忘记密码? ,ID Code "&objUser.sAMAccountName&" ,输入旧密码及新密码提交即可。由于需要进行目录同步,密码将在5分钟后生效." & VbCrLf & _ "
注:系统进行了集成,邮箱密码会同步更新.由于服务需要同步,邮箱密码将在5分钟后生效."& VbCrLf & _ "
"& VbCrLf & VbCrLf & _ "IIOSOFT密码策略:用户密码周期:180天,最短使用周期:1天,密码由至少8位字母,数字及字符组成,同时不能使用5个历史密码." & vbCRLF & _ "如有疑问,请联系我们(resetpwd@IIOSOFT.com) 或致电010 88881111 转 2220" & VbCrLf & _ ""& VbCrLf & vbCRLF & _ "
Thank you," & VbCrLf & _ "
xx科技账号管理中心" & _ "" & VbCrLf & _ "" End If 'objMail.AddAttachment "c:\2.jpg " '添加附件 objMail.Send Set objMail = Nothing End Sub Sub dp (str) If strTestMode Then WScript.Echo str End If oLog.WriteLine str End Sub