Last active
March 15, 2021 07:21
-
-
Save SilverJan/0f4f757a64d620ad7a3256684ab226ee to your computer and use it in GitHub Desktop.
One-liner to get the AD password expiry date for a user (in UTC)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# input vars | |
AD_USER=abc1de | |
# Windows ticks are in 100ns | |
WINDOWS_TICK=10000000 | |
# seconds to be added to make Windows file time Unix file time | |
SEC_TO_UNIX_EPOCH=11644473600 | |
# 180 days (AD setting via maxPwdAge) in seconds | |
PWD_MAX_AGE_SECONDS=15552000 | |
# AD server | |
AD_SERVER="x.xx.com" | |
# DC server | |
DCS="DC=x,DC=xx,DC=com" | |
# calculate | |
date -d @$(($(ldapsearch -h $AD_SERVER -b $DCS "(samaccountname=$AD_USER)" -Q | grep -i pwdLastSet | awk -F' ' '{print $2}') / $WINDOWS_TICK - $SEC_TO_UNIX_EPOCH + $PWD_MAX_AGE_SECONDS)) | |
Sat 17 Apr 2021 11:31:44 AM +08 | |
# formular from https://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment