
setting account expire date problem

Author
9 Feb 2006 5:15 PM
Sandra L Miller
I have a script that creates or updates student accounts each semester.
The following code section is supposed to check if an account is set
to never expire (for majors in our dept) and not change it if it is.

    '// Test Never Expires "flag"
    If (Not (userObj.accountExpirationDate = "1/1/1970")) Then
       userObj.accountExpirationDate = ExpireDate
    End If

This code runs if an account already exists.  If it is an account
for a non-major, it would have an expire date set for last semester,
and the date should get set to the end of this semester.  If it is
an account for a major, it would have the expire date set to never
expire, and that should not get changed.

If I run the script on a list of students, some (not all) of the
accounts that were set to never expire get reset to expire at the
end of this semester.  I can't figure out the problem.

In Active Directory, you can set "Account expires" to "Never" or to
"End of:" and enter a date.  I couldn't find an actual flag that
says the account is set to never expire, but found that if you have
checked that choice, the date is set to 1/1/1970.  Testing for this
date works most of the time (it works 100% in another script that
deletes expired accounts), but something funny is happening here.

Does anybody have any ideas?

Thanks,
Sandy

--
Sandra L Miller
Windows System Administrator
Department of Computer Science
University of Arizona

"The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of Arizona."

Author
9 Feb 2006 6:52 PM
Richard Mueller
Sandra,

AccountExpirationDate is a property method that converts the value for the
accountExpires attribute to a date. accountExpires is datatype Integer8,
which is a 64-bit (8-byte) value representing the date as the number of
100-nanosecond intervals since 12:00 AM 1/1/1601. Special code is needed to
handle this large number, which is why the property method is convenient.
However, the date 1/1/1970 is a holdover from NT domains and means nothing
in AD. I think the property method hard codes this date as the "never" date.
If an account has never had an expiration date, accountExpires is set to a
huge value, which can't even be interpreted as a date. If the account has an
expiration date, then later is set to never expire, accountExpires becomes
zero. I think I've seen AccountExpirationDate return an error in this case.

The proper way to set an account to never expire is to set accountExpires
to -1.

    userObj.accountExpires = -1
    userObj.SetInfo

If you want to know if the account expires, you can assume that if the
AccountExpirationDate property method raises an error, then the account
never expires. You could trap this error. Does this help?

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

Author
13 Feb 2006 4:20 PM
Sandra L Miller
Richard,

I wrote a script to list all my student accounts and their expiration
dates.

The following test lists all the accounts as never expiring:

    If (userObj.accountExpires = -1) Then
       ExpireDate = "Never    "
    Else
       ExpireDate = userObj.accountExpirationDate
    End If

but the following works:

    If (userObj.accountExpirationDate = "1/1/1970") Then
       ExpireDate = "Never    "
    Else
       ExpireDate = userObj.accountExpirationDate
    End If

Why would that be if the "accountExpires" flag is supposed to be
the indicator that the account never expires?

Sandy

--
Sandra L Miller
Windows System Administrator
Department of Computer Science
University of Arizona

"The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of Arizona."
Author
13 Feb 2006 6:26 PM
Sandra L Miller
Richard,

You can ignore my question.  I found that the sample code you
supplied worked just fine (where I get the accountExpirationDate,
then check for an error OR for the date being equal to 1/1/1970).
It works just fine.

I guess I still don't understand the purpose of the accountExpires
"flag".  I'm using it for new accounts that I create, but since I
can't test for it reliably, what use is it?

Sandy

--
Sandra L Miller
Windows System Administrator
Department of Computer Science
University of Arizona

"The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of Arizona."
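
Added example, not code from the thread or from the linked Script Center pages: one way to test for "never expires" from the raw accountExpires value Richard describes (0, or the huge value 2^63 - 1), instead of comparing against 1/1/1970 or trapping an error. The function names and the sample values are made up for the illustration, and the script runs under cscript without a domain.

```vbscript
Option Explicit

' Added example (not from the thread). Classifies a raw accountExpires value
' from its two 32-bit halves, so no error trapping or 1/1/1970 test is needed.
' In a live script the halves come from the IADsLargeInteger object that ADSI
' returns for the attribute (an object, so it cannot be compared with -1 directly):
'     Set objLI = objUser.Get("accountExpires")
'     lngHigh = objLI.HighPart : lngLow = objLI.LowPart

Function NeverExpires(lngHigh, lngLow)
    ' 0 and 2^63 - 1 (HighPart 2147483647, LowPart -1 = all bits set) mean "never".
    NeverExpires = ((lngHigh = 0) And (lngLow = 0)) Or _
                   ((lngHigh = 2147483647) And (lngLow = -1))
End Function

Function ExpiryUtc(lngHigh, lngLow)
    ' LowPart is a signed Long; undo the sign before combining the halves.
    Dim dblLow, dblTicks
    dblLow = CDbl(lngLow)
    If dblLow < 0 Then dblLow = dblLow + 2 ^ 32
    dblTicks = lngHigh * (2 ^ 32) + dblLow      ' 100-ns intervals since 1/1/1601
    ' Ticks -> minutes -> days, added to the AD "zero" date.
    ExpiryUtc = CDate(#1/1/1601# + dblTicks / 600000000 / 1440)
End Function

Function Describe(lngHigh, lngLow)
    ' Only call ExpiryUtc for real dates; the "never" value is too large to convert.
    If NeverExpires(lngHigh, lngLow) Then
        Describe = "never expires, leave unchanged"
    Else
        Describe = "expires " & ExpiryUtc(lngHigh, lngLow) & " UTC, update to new semester"
    End If
End Function

' Constructed sample values: label, HighPart, LowPart.
Dim arrSamples, arrRow
arrSamples = Array( _
    Array("never had an expiration date", 2147483647, -1), _
    Array("expiration date later cleared", 0, 0), _
    Array("dated account (built for 1 Jun 2006 00:00 UTC)", 29787406, 1397325824))

For Each arrRow In arrSamples
    WScript.Echo arrRow(0) & ": " & Describe(arrRow(1), arrRow(2))
Next
```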
Author
9 Feb 2006 6:52 PM
Umesh Thakur
Point 1: dates are enclosed by "#", so your date should look like:

If (Not (userObj.accountExpirationDate = #1/1/1970#)) Then

I recommend that you read this page and change your code accordingly.
In particular, use the error handling code "On Error Resume Next", and read
the value of "userObj.accountExpirationDate" before comparing it.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/jul05/hey0718.mspx

For more AD account expiration samples/illustrations, visit the following page:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/ad.mspx
--
"C is a razor-sharp tool, with which one can create an elegant and efficient
program or a bloody mess."
Replace C with VBScript :)



Author
9 Feb 2006 7:37 PM
Richard Mueller
Hi,

Don't get me wrong, the link is excellent. However, I couldn't help but
notice that the Scripting Guy turns off error handling for the entire
script. Most consider this OK, but I'm picky. I always turn off normal error
handling only for the statement I expect to raise an error. If something
else goes wrong I didn't expect (like I fat-finger something), I get the
error message I need to troubleshoot it. Here is how I would code the
example in the link:
==================
Option Explicit

Dim objUser, dtmAccountExpiration

' Bind to user object.
Set objUser = GetObject("LDAP://cn=MyerKen,ou=Finance,dc=fabrikam,dc=com")

' Retrieve account expiration date. Trap possible error.
On Error Resume Next
dtmAccountExpiration = objUser.AccountExpirationDate
If (Err.Number = 0) Then
    On Error GoTo 0
    ' No error. Check for dummy date.
    If (dtmAccountExpiration = #1/1/1970#) Then
        Wscript.Echo "This account has no expiration date."
    Else
        Wscript.Echo "Account Expiration Date: " & dtmAccountExpiration
    End If
Else
    On Error GoTo 0
    ' Error raised.
    Wscript.Echo "This account has no expiration date."
End If

Set objUser = Nothing
=========================

I restore normal error handling with "On Error GoTo 0". This statement also
clears the error condition. Note also that I use the variable
dtmAccountExpiration to output the date, rather than running the property
method again (efficiency). Finally, the date 1/1/1970 is strictly a fiction
used by the property method. It has no meaning in Active Directory, where
the actual "zero" date is 12:00 AM 1/1/1601. Lastly, the Scripting Guy
should have said 100-nanosecond intervals rather than seconds since
1/1/1601, which is a considerably smaller unit of time.

Don't pay much attention to this - I'm just being picky.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

Author
10 Feb 2006 12:50 AM
Michael Harris (MVP)
> Don't get me wrong, the link is excellent. However, I couldn't help
> but notice that the Scripting Guy turns off error handling for the
> entire script. Most consider this OK, but I'm picky. I always turn
> off normal error handling only for the statement I expect to raise an
> error. If something else goes wrong I didn't expect (like I
> fat-finger something), I get the error message I need to troubleshoot
> it. Here is how I would code the example in the link:

The Scripting Guys provide coding examples for fundamental syntax but don't
want to clutter the example with complete error handling code.  They should
never be taken at face value as examples of robust, production-quality
coding with proper error handling since that is not the intent of the
examples.

--
Michael Harris
Microsoft MVP Scripting

Scripting: Your First Steps
http://www.microsoft.com/technet/scriptcenter/topics/beginner/firststeps.mspx
Author
13 Feb 2006 4:15 PM
Sandra L Miller
Interesting that you say the date should be #1/1/1970# and then send
me to a web site (your second link) that has the following code sample
for listing all accounts set to never expire:


     If objUser.AccountExpirationDate = "1/1/1970" Or Err.Number = -2147467259 Then
         Wscript.Echo objUser.Name
     End If


Also, I do use "On Error Resume Next", but you are correct, I should
have checked the error code.

Sandy

--
Sandra L Miller
Windows System Administrator
Department of Computer Science
University of Arizona

"The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of Arizona."
Author
9 Feb 2006 9:12 PM
Sandra L Miller
Umesh and Richard,

Thank you for your suggestions.  I think the simplest thing is
to use

    userObj.accountExpires = -1
    userObj.SetInfo

but I was never able to find the existence of this flag.  I'll
try all the suggestions.

Thanks again,
Sandy

--
Sandra L Miller
Windows System Administrator
Department of Computer Science
University of Arizona

"The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of Arizona."