Perl script which connects to Active Directory server and prints list of accounts and password set dates

connection-test.pl

#!/usr/bin/perl

use Net::LDAP;
use Data::Dumper;

my $LDAPSERVER = '192.168.1.2';
my $ADUSERNAME = 'username@domain.local';
my $ADPASSWORD = '********';
my $LDAPBASE = 'CN=Users,DC=domain,DC=local';


$ad = Net::LDAP->new($LDAPSERVER) or die "$@";

$ad->bind($ADUSERNAME, password=>$ADPASSWORD) or die "$@";

# $schema = $ad->schema();
# die Dumper($schema);

my $base = $LDAPBASE;
my $attrs = ['sn', 'givenName', 'pwdLastSet', 'userAccountControl', 'accountExpires'];
my $filter = 'sn=*';

my @results = ($ad->search(base=>$base, filter=>$filter, attrs=>$attrs))->sorted('sn','givenName');
my $count = @results;

my $entry;
my $nttime;
my $userName;
my $pwdLastSet;
my $uac;
my $expires;

format STDOUT =
@<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<< @>>>>> @>>>>>>>>>>>>>>>>>>>>
$userName,                $pwdLastSet,$uac,  $expires
.

for (my $i=0; $i<$count; $i++) {
  $entry = $results[$i];

  $nttime = $entry->get_value('pwdLastSet');
  $nttime =~ s/[0-9]{7}$//;
  # See Time::NT module as reference for the NT->unix time conversion
  my ($sec, $min, $hour, $mday, $mon, $year) = localtime(int($nttime)-11644473600);
  $pwdLastSet = sprintf('%04d-%02d-%02d', $year+1900, $mon+1, $mday);

  # Only print accounts that are not disabled and with passwords that expire


  $userName = $entry->get_value('sn') . ", " . $entry->get_value('givenName');
  $uac = $entry->get_value('userAccountControl');
  $expires = $entry->get_value('accountExpires');

  write    unless (
        ($entry->get_value('userAccountControl') & 2) ||  # disabled users
        ($entry->get_value('userAccountControl') & 65536) # nonexpiring passwords
      );
}

$ad->unbind;