vbscript active-directory

Error code 0x8000500D when trying to access PasswordLastChanged


I'm writing a VBScript that will simply check each user in AD if their password has been changed within a given number of days. When I was trying to get it working for a single user, I came up with the following working code:

Option Explicit

Dim objUser, strLDAPConnection, intPwdExpLimit

strLDAPConnection = "CN=Test User,OU=Test,OU=Employees,DC=domain,DC=com"

intPwdExpLimit = 90

Set objUser = GetObject("LDAP://" + strLDAPConnection)

WScript.Echo DaysSincePwdChange(objUser)

Function DaysSincePwdChange(objUserAccount)
    DaysSincePwdChange = dateDiff("d", objUserAccount.PasswordLastChanged, Now)
End Function

So then I tried to get it to work by looping through all users in a Test OU with the following code:

Option Explicit

Const strOffice = "Test"

Dim objEmployeesOU, objUser, intPwdExpLimit

intPwdExpLimit = 90

Set objEmployeesOU = GetObject("LDAP://OU=" & strOffice & _
                     ",OU=Employees,DC=domain,DC=com")

For Each objUser In objEmployeesOU
    If objUser.class = "user" Then
        If ((DaysSincePwdChange(objUser)) >= intPwdExpLimit) Then
            MsgBox(objUser & ": Password Expired.")
        Else
            MsgBox(objUser & ": Password Current.")
        End If
    End If 
Next

Function DaysSincePwdChange(objUserAccount)
    DaysSincePwdChange = dateDiff("d", objUserAccount.PasswordLastChanged, Now)
End Function

The above code produces a 0x8000500D error and googling the error says that it can't find the property in the cache (referring to the PasswordLastSet property, see error description link here).

Any ideas why the first block of code works fine but the second has a problem accessing that property?


Solution

  • Error code 0x8000500d means E_ADS_PROPERTY_NOT_FOUND. The password of the user has never been changed, so the property is not set. You could handle the condition like this:

    Function DaysSincePwdChange(objUserAccount)
        On Error Resume Next
        DaysSincePwdChange = dateDiff("d", objUserAccount.PasswordLastChanged, Now)
        If Err Then
          If Err.Number = &h8000500d Then
            DaysSincePwdChange = -1
          Else
            WScript.Echo "Unexpected Error (0x" & Hex(Err.Number) & "): " & _
              Err.Description
            WScript.Quit 1
          End If
        End If
    End Function
    

    and modify the check like this:

    ' The script uses Option Explicit, so passwordAge has to be declared.
    Dim passwordAge
    passwordAge = DaysSincePwdChange(objUser)
    If passwordAge >= intPwdExpLimit Then
        MsgBox(objUser & ": Password Expired.")
    ElseIf passwordAge = -1 Then
        MsgBox(objUser & ": Password never changed.")
    Else
        MsgBox(objUser & ": Password Current.")
    End If
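
The loop from the question combined with the error handling from the answer, as an added example that is not part of the original question or answer. It reads the error number once, reports never-changed accounts as their own status, and writes one tab-separated line per user instead of a dialog. `PWD_NEVER_CHANGED`, `PwdStatus` and the output format are assumptions of this example; the OU path is the one from the question.

```vbscript
Option Explicit

Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D
Const PWD_NEVER_CHANGED = -1      ' sentinel value, as in the answer
Const strOffice = "Test"          ' OU name taken from the question

Dim objEmployeesOU, objUser, intPwdExpLimit, intAge

intPwdExpLimit = 90

Set objEmployeesOU = GetObject("LDAP://OU=" & strOffice & _
                     ",OU=Employees,DC=domain,DC=com")

For Each objUser In objEmployeesOU
    If objUser.Class = "user" Then
        intAge = DaysSincePwdChange(objUser)
        ' One line per account: logon name, age in days, status.
        WScript.Echo objUser.Get("sAMAccountName") & vbTab & intAge & _
                     vbTab & PwdStatus(intAge, intPwdExpLimit)
    End If
Next

' Map the age (or the sentinel) to a status string.
Function PwdStatus(intDays, intLimit)
    If intDays = PWD_NEVER_CHANGED Then
        PwdStatus = "NEVER_CHANGED"
    ElseIf intDays >= intLimit Then
        PwdStatus = "EXPIRED"
    Else
        PwdStatus = "CURRENT"
    End If
End Function

' Returns the password age in days, or PWD_NEVER_CHANGED when ADSI
' reports that PasswordLastChanged is not set for the account.
Function DaysSincePwdChange(objUserAccount)
    Dim dtmChanged, lngErr
    On Error Resume Next
    dtmChanged = objUserAccount.PasswordLastChanged
    lngErr = Err.Number           ' capture before the handler is reset
    On Error GoTo 0
    Select Case lngErr
        Case 0
            DaysSincePwdChange = DateDiff("d", dtmChanged, Now)
        Case E_ADS_PROPERTY_NOT_FOUND
            DaysSincePwdChange = PWD_NEVER_CHANGED
        Case Else                 ' anything else stops the script
            Err.Raise lngErr, "DaysSincePwdChange", "Unexpected ADSI error 0x" & Hex(lngErr)
    End Select
End Function
```

Run it with `cscript //nologo` so that `WScript.Echo` writes to the console and the output can be redirected to a file.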