@jkirk
Created July 5, 2021 21:38
List expired Samba domain account passwords
#!/bin/bash
# Inspired by: https://linux.samba.narkive.com/J6bwFGaF/samba-users-list-and-the-date-the-password-will-expire#post15
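# Get path to sam.ldb.
# `samba -b` prints the build options; the PRIVATE_DIR line is split on ':'
# and its last field, with leading spaces removed, is the private directory.
LDBDIR=$(samba -b | awk -F ':' '/PRIVATE_DIR/ { sub(/^ */, "", $NF); print $NF }')
if [ -z "${LDBDIR}" ]; then
  # Diagnostics go to stderr so stdout carries only the expiry report.
  echo "This is supposed to be a DC, but cannot obtain the Private dir." >&2
  echo "Cannot Continue...Exiting." >&2
  exit 1
else
  LDBDB="${LDBDIR}/sam.ldb"
fi
# Stop here when the database cannot be read (the private directory is
# normally restricted to root): otherwise every later ldbsearch fails and the
# script reports a misleading rootDSE error instead of the real cause.
if [ ! -r "${LDBDB}" ]; then
  echo "Cannot read ${LDBDB}; check that this runs on the DC with sufficient privileges." >&2
  exit 1
fi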
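# Get the default naming context of the domain, e.g. DC=samdom,DC=example,DC=com.
# The rootDSE is queried with an empty base DN and base scope. Only a line that
# starts with the attribute name is accepted, so no other line of the ldbsearch
# output can be taken for the value.
domainDN=$(ldbsearch -H "${LDBDB}" -b "" -s base defaultNamingContext \
  | sed -n 's|^defaultNamingContext: ||p')
if [ -z "${domainDN}" ]; then
  # Diagnostics go to stderr so stdout carries only the expiry report.
  echo "Could not obtain AD rootDSE" >&2
  exit 1
fi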
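# Report every domain user whose password has expired or will expire within
# 90 days. Uses LDBDB and domainDN, which are set earlier in this script.

# Fail loudly if winbind cannot enumerate users: an empty report must mean
# "nobody is expiring", not "the lookup never ran".
if ! user_list=$(wbinfo -u); then
  echo "Could not list domain users with wbinfo -u" >&2
  exit 1
fi

# The current time does not need to be re-read for every account.
date_now=$(date +%s)

# Read one account per line so names are never word-split or glob-expanded.
while IFS= read -r user; do
  # Drop a leading "DOMAIN\" prefix; a name printed without a prefix is kept
  # as it is instead of turning into an empty string.
  user=${user##*\\}
  [ -n "${user}" ] || continue

  # Escape the characters that are special in an LDAP search filter
  # (RFC 4515) so the account name is always matched literally and cannot
  # change the structure of the filter. Backslashes are already gone after
  # the prefix strip above.
  filter_user=${user//\*/\\2a}
  filter_user=${filter_user//\(/\\28}
  filter_user=${filter_user//\)/\\29}

  user_expire_date=$(ldbsearch --url="${LDBDB}" -b "${domainDN}" -s sub \
    "(&(objectCategory=person)(objectClass=user)(sAMAccountName=${filter_user}))" \
    msDS-UserPasswordExpiryTimeComputed \
    | sed -n 's|^msDS-UserPasswordExpiryTimeComputed: ||p')

  # Accept a single run of digits only. A missing or multi-line value would
  # otherwise be evaluated as 0 (and reported as expired) or abort the
  # arithmetic, and shell arithmetic must not be fed unchecked text.
  if ! [[ "${user_expire_date}" =~ ^[0-9]+$ ]]; then
    echo "Skipping ${user}: no usable msDS-UserPasswordExpiryTimeComputed value" >&2
    continue
  fi

  # Convert 100-nanosecond intervals since 1601-01-01 to seconds since
  # 1970-01-01. The 10# prefix forces base 10 even with leading zeros.
  UNIXTimeStamp=$(( (10#${user_expire_date} / 10000000) - 11644473600 ))
  exp_days=$(( (UNIXTimeStamp - date_now) / 3600 / 24 ))

  if [ "${exp_days}" -le "0" ]; then
    printf '%s\n' "Gotcha: ${user} / WARNING: Your domain account password has expired!!!"
  elif [ "${exp_days}" -lt "90" ]; then
    # The original line had a doubled "echo", which printed a stray "echo"
    # in front of the message.
    printf '%s\n' "Gotcha: ${user} / WARNING: Your domain account password will expire in ${exp_days} days!"
  fi
done <<< "${user_list}"
exit 0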