i had been using the password expired check (vbscipts) for while and lately i found the scipts didn't work as usual. In my current enviroment, i have 2 different forest domain. In Forest A, i have never faced any problem with script since day 1 but in forest B, i used the same script, it is work for quite sometime but it didn't. The script basically will query the AD to check password age for user, if the password going to expired then an email will send to user. i try to run the script from member server, and it is work for 2 or 3 days after that it failed to run. The error is Permission denied, code:800A0046.I think is it about permission but not sure where to check.I attached the sample of script and screenshot of error, kindly help ' John Savill 8th June 2005 ' Runs check on last password change date ' Option Explicit Dim objCommand, objConnection, objChild, objUserConnection, strBase, strFilter, strAttributes, objRootDSEstrPasswordChangeDate, intPassAge Dim lngTZBias, objPwdLastSet, strEmailAddress, objMessage Dim objShell, lngBiasKey, k, PasswordExpiry, strRootDomain Dim strQuery, objRecordset, strName, strCN, objLogfile, objFSO Dim oWshShell : Set oWshShell = CreateObject("WScript.Shell") Dim strNoOfDays Dim objRootDSE, strPasswordChangeDate ' ********************* CHANGE THESE VALUES TO PASSWORD EXPIRY AND ROOT OF WHERE USERS WILL BE SEARCHED *********************************** PasswordExpiry=90 'strRootDomain="dc=contoso,dc=com" Set objRootDSE = GetObject("LDAP://RootDSE") strRootDomain = objRootDSE.get("defaultNamingContext") ' ***************************************************************************************************************************************** 'create logfile Const ForWriting = 2 Set objFSO = CreateObject("Scripting.FileSystemObject") Set objLogFile = objFSO.CreateTextFile("PasswordExpireLog.txt", _ ForWriting, True) 'objLogFile.Writeline "List of users With Password That Nearly Expire" objLogFile.Writeline "*********************************************" objLogFile.Writeline ' Obtain local Time Zone bias from machine registry. Set objShell = CreateObject("Wscript.Shell") lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias") If UCase(TypeName(lngBiasKey)) = "LONG" Then lngTZBias = lngBiasKey ElseIf UCase(TypeName(lngBiasKey)) = "VARIANT()" Then lngTZBias = 0 For k = 0 To UBound(lngBiasKey) lngTZBias = lngTZBias + (lngBiasKey(k) * 256^k) Next End If Set objCommand = CreateObject("ADODB.Command") Set objConnection = CreateObject("ADODB.Connection") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" objCommand.ActiveConnection = objConnection strBase = "<LDAP://" & strRootDomain & ">" strFilter = "(&(objectCategory=person)(objectClass=user))" strFilter = "(&(objectCategory=person)(objectClass=user)(mail=*)(!userAccountControl:1.2.840.113556.1.4.803:=65536))" strAttributes = "displayName,cn,mail,pwdLastSet,distinguishedName" strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree" objCommand.CommandText = strQuery objCommand.Properties("Page Size") = 100 objCommand.Properties("Timeout") = 30 objCommand.Properties("Cache Results") = False Set objRecordSet = objCommand.Execute oWshShell.Popup "Running at " & Date(), 1 Do While Not objRecordSet.EOF strName = objRecordSet.Fields("displayName").Value strCN = objRecordSet.Fields("cn").value strEmailAddress = objRecordSet.Fields("mail").value oWshShell.Popup "NT Name: " & strName & ", Common Name: " & strCN, 1 ' write user info to logfile 'oWshShell.Popup vbtab & "DistinguishedName: " & objRecordSet.Fields("distinguishedName").Value, 1 On Error Resume Next Set objUserConnection = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value) If Err.Number = 0 Then On Error GoTo 0 Set objPwdLastSet = objUserConnection.pwdLastSet strPasswordChangeDate = Integer8Date(objPwdLastSet, lngTZBias) 'oWshShell.Popup vbTab & "Password last changed at " & strPasswordChangeDate, 1 intPassAge = DateDiff("d", strPasswordChangeDate, Now) oWshShell.Popup vbTab & "Password changed " & intPassAge & " days ago", 1 If intPassAge = (PasswordExpiry-1) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 1 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 1 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 1) ElseIf intPassAge = (PasswordExpiry-2) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 2 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 2 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 2) ElseIf intPassAge = (PasswordExpiry-3) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 3 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 3 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 3) ElseIf intPassAge = (PasswordExpiry-4) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 4 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 4 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 4) ElseIf intPassAge = (PasswordExpiry-5) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 5 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 5 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 5) ElseIf intPassAge = (PasswordExpiry-6) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 6 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 6 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 6) ElseIf intPassAge = (PasswordExpiry-7) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 7 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 7 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 7) ElseIf intPassAge = (PasswordExpiry-12) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 12 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 12 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 12) ElseIf intPassAge = (PasswordExpiry-13) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 13 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 13 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 13) ElseIf intPassAge = (PasswordExpiry-14) Then oWshShell.Popup vbTab & "Sending user notification to " & strEmailAddress & " that password expires in 14 days", 1 objLogFile.Writeline " Display Name :" & strName objLogFile.Writeline " Email :" & strEmailAddress objLogFile.Writeline " Password Expires in 14 " & " days" objLogFile.Writeline Call SendEmailMessage(strEmailAddress, 14) End If Else Err.Clear On Error GoTo 0 oWshShell.Popup vbtab & "Error binding to " & objRecordSet.Fields("distinguishedName").Value, 1 End If objRecordSet.MoveNext Loop objConnection.Close Function Integer8Date(objDate, lngBias) ' Function to convert Integer8 (64-bit) value to a date, adjusted for ' local time zone bias. Dim lngAdjust, lngDate, lngHigh, lngLow lngAdjust = lngBias lngHigh = objDate.HighPart lngLow = objdate.LowPart ' Account for error in IADslargeInteger property methods. If lngLow < 0 Then lngHigh = lngHigh + 1 End If If (lngHigh = 0) And (lngLow = 0) Then lngAdjust = 0 End If lngDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _ + lngLow) / 600000000 - lngAdjust) / 1440 ' Trap error if lngDate is overly large On Error Resume Next Integer8Date = CDate(lngDate) If Err.Number <> 0 Then On Error GoTo 0 Integer8Date = #1/1/1601# End If On Error GoTo 0 End Function Sub SendEmailMessage(strDestEmail, strNoOfDays) Set objMessage = CreateObject("CDO.Message") objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.contoso.com" objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 objMessage.Configuration.Fields.Update objMessage.Subject = "Password Expires in " & strNoOfDays & " days" objMessage.From = "Password-Notifier@sapura.com.my" objMessage.To = strDestEmail objMessage.TextBody = "Your password expires in " & strNoOfDays & " day/s. Please change your password at http://webmail.contoso.com to prevent further logon problems." & vbCRLF & vbCRLF & vbCRLF & vbCRLF & "Regards," & vbCRLF & vbCRLF & "Sapura Postmaster" 'objLogFile.Writeline 'objLogFile.Writeline 'objMessage.TextBody = "Regards," 'objLogFile.Writeline 'objMessage.TextBody = "Consoto Postmaster" objMessage.Send End Sub

Which line number raises the error, and which VBScript statement is at that line number?After a quick glance the only comment I have is that you bind to each user object to retrieve the value of the pwdLastSet attribute. It would be more efficient (and possibly much faster), to add pwdLastSet to the comma delimited list of attribute values to be retrieved. The attribute will be added to the Recordset. Then, instead of: Set objUserConnection = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value) If Err.Number = 0 Then On Error GoTo 0 Set objPwdLastSet = objUserConnection.pwdLastSet strPasswordChangeDate = Integer8Date(objPwdLastSet, lngTZBias) You could instead use code similar to below: Set objPwdLastSet = objRecordset.Fields("pwdLastSet").Value strPasswordChangeDate = Integer8Date(objPwdLastSet, lngTZBias) Richard MuellerMVP ADSI

Error as below:Scripts :c:\pwdscripts\passwordnotofierusers.vbsline:26Char:1Error:permission deniedcode:800A0046Source:Microsoft Vbscriots runtime errorThis happened couple of months back, i think 3 months back. Previously, it was work OK.I used the same script on different domain (in different forest) and it is working just fine since day one.Please help

If my copy of the program is identical to yours, line 26 is the "Set objLogFile" statement. This creates a text file in the same directory where the VBScript program is saved. Could you have lost permissions to create files in this folder? Or, could the existing file have been flagged read-only so it cannot be overwritten. I can duplicate your error if I make the old log file read-only.Richard MuellerMVP ADSI

The text file will be save on same directory where the VBScipts is saved. It was set at C:\Scripts. I using admin account to log on to DC and run the VBScripts program. I have checked the permission on "Scripts", Security tab | Administrator was set to FULL CONTROL and on "PasswordExpiredLog.txt" the attribute for "READ-ONLY" and "HIDDEN" was unchecked.Kindly assistSuriya

The script works for me as written (except sub SendEmailMessage). The only way I could duplicate your error was by making the log file read-only (or removing permissions to write). If the error is raised on line 26, and line 26 is: Set objLogFile = objFSO.CreateTextFile("PasswordExpireLog.txt", _ ForWriting, True)then the problem must be permissions creating the file. Try deleting the file first. Try using a different name. Then perhaps specify another path in another folder (the file name can include the path).Richard MuellerMVP ADSI

I try to delete\rename the "PasswordExpireLog.txt" file annd failed. It was reported that "It is being used by another program or user. Close any programs that might using the file and try again". I had deleted the Schedule task and confirm that there is no program or another user using the file? How may i check it what exactly using the file?I will using another name and see what the result is..Thank

That explains the problem. Something has the file open for exclusive access. You might be able to use Task Manager to halt the process that has the file open. Otherwise, a restart of the computer could be the only solution. The process could be an editor, a backup program, or a VBScript program. Richard MuellerMVP ADSI

problem is solved...thank