Function Reference

_AD_GetPasswordInfo

Returns password information retrieved from the domain policy and the specified user or computer account.

#Include <AD.au3>
_AD_GetPasswordInfo([$sSamAccountName = @UserName])

Parameters

$sObject

Optional: User or computer account to get password info for (default = @UserName). Format is sAMAccountName or FQDN

Return Value

Success: Returns a one-based array with the following information:
    1 - Maximum Password Age (days)
    2 - Minimum Password Age (days)
    3 - Enforce Password History (# of passwords remembered)
    4 - Minimum Password Length
    5 - Account Lockout Duration (minutes). 0 means the account has to be unlocked manually by an administrator
    6 - Account Lockout Threshold (invalid logon attempts)
    7 - Reset account lockout counter after (minutes)
    8 - Password last changed (YYYY/MM/DD HH:MM:SS in local time of the calling user) or "1601/01/01 00:00:00" (means "Password has never been set")
    9 - Password expires (YYYY/MM/DD HH:MM:SS in local time of the calling user) or empty when password has not been set before or never expires
    10 - Password last changed (YYYY/MM/DD HH:MM:SS in UTC) or "1601/01/01 00:00:00" (means "Password has never been set")
    11 - Password expires (YYYY/MM/DD HH:MM:SS in UTC) or empty when password has not been set before or never expires
    12 - Password properties. Part of Domain Policy. A bit field to indicate complexity / storage restrictions
    1 - DOMAIN_PASSWORD_COMPLEX
    2 - DOMAIN_PASSWORD_NO_ANON_CHANGE
    4 - DOMAIN_PASSWORD_NO_CLEAR_CHANGE
    8 - DOMAIN_LOCKOUT_ADMINS
    16 - DOMAIN_PASSWORD_STORE_CLEARTEXT
    32 - DOMAIN_REFUSE_PASSWORD_CHANGE
Failure: "", sets @error to:
    1 - $sObject not found
Warning: Returns a one-based array (see Success), sets @error to:
    2 - Password does not expire (User Access Control - UAC - is set)
    3 - Password has never been set
    4 - The Maximum Password Age is set to 0 in the domain. Therefore, the password does not expire
    The @error value can be a combination of the above values e.g. 5 = 2 (Password does not expire) + 3 (Password has never been set)

Remarks

For details about password properties please check: http://msdn.microsoft.com/en-us/library/aa375371(v=vs.85).aspx

See Also

http://www.autoitscript.com/forum/index.php?showtopic=86247&view=findpost&p=619073, http://windowsitpro.com/article/articleid/81412/jsi-tip-8294-how-can-i-return-the-domain-password-policy-attributes.html

Example

#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Get the domain password policy and the password info for the current user
; *****************************************************************************
#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

; Get the password info
Global $aAD_PwdInfo[13][2] = [[12],["Maximum Password Age (days)"],["Minimum Password Age (days)"],["Enforce Password History (# of passwords remembered)"], _
["Minimum Password Length"],["Account Lockout Duration (minutes)"],["Account Lockout Threshold (invalid logon attempts)"],["Reset account lockout counter after (minutes)"], _
["Password last changed (YYYY/MM/DD HH:MM:SS local time)"],["Password expires (YYYY/MM/DD HH:MM:SS local time)"],["Password last changed (YYYY/MM/DD HH:MM:SS UTC)"], _
["Password expires (YYYY/MM/DD HH:MM:SS UTC)"],["Password properties"]]

Global $aTemp = _AD_GetPasswordInfo()
For $iCount = 1 To $aTemp[0]
$aAD_PwdInfo[$iCount][1] = $aTemp[$iCount]
Next
$aAD_PwdInfo[0][0] = $aTemp[0]

_ArrayDisplay($aAD_PwdInfo, "Active Directory Functions - Example 1", -1, 0, "<")

; Close Connection to the Active Directory
_AD_Close()