We are using IA Blade, but user accounts with expiration set are local user accounts used for VPN access, not Management Administrators.

Open Object Explorer from the TOP Menu and search for Users/Groups

If it would be so simple I wouldn't ask the question in first place

In Objects Explorer there is no column "Expiration date" or similar, which would be more than helpful

sorry didn’t meant to insult or imply anything just wanted to help  by giving a hint

now when you confirm that the question remains whether you guys use RADIUS or not ?

when you click that Expired Account on the bottom what does it say?

No insult taken. Just wanted to say I have exhausted all options I could find including CLI API, prior to asking question here.

All users are locally defined on Management server.

In R80.10 there is no Expired Account on bottom.

In R77.30 it opens window like this:

The only way I could see something similar i R80.10 is to open Mobile Access configuration, which opens old fashioned SmartDashboard, and then in Object List choose Users and Administrators, and sort it by expiration date.

My question is if there is a way to do it directly from R80.10 SmartConsole? I can't find how to do it.

I got it so it effectively means your users were created for MAB not for using Management bit. Fine. So in terms of that there is no way you could see those users in new R80.10 as that build uses the same old-fashion way of MAB Management too.

When you on R80.10 and you use Mobile Access Blade your Management for those using it including users, their certs (those can be done also from R80.10 Users Management) is mainly via R77.30 Style Dashboard which comes up when you click it down on the Management Tab. So answering your question - no, you cannot manage those users from R80.10 SmartConsol as it redirects you anyway to old-style Dash with MAB Tab management.

hope it sorted it out

Jerry

Unfortunately not as we are not using MAB at all.

I just use the link in SmartConsole to launch old SmartDashboard and get Object List to see expired users. It is only workaround for something I should be able to see from SmartConsole itself.

Users and passwords are created thorough SmartConsole, and every user has expiration date set. Even if don't use it in any blade, any rule, I would like to see which ones are expired without opening each one of them.

Thanks for your help and suggestions! I don't mean to offend you, but I'm not sure you are getting the point what I'm asking

So I will rephrase my question:

Is it possible to see User account expiration field for multiple users at once in SmartConsole, without opening View for each user separately?

alright then, I don't see any other option Marko and frankly I don't think there is any other than you've mentioned.

I tried the same in my lab just now and I see no option to see that by R80.10 SmartConsole I'm afraid.

Sorry to disappoint you but I think you're correct. The only way of doing what's your aim is to do that the way you just did explain.

wrong! it wasn’t about Administrators but regular users

I have meanwhile updated my comment 

Thanks Jozko for CLI command!

I have improved it a little bit to get more formatted output:

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/ //' | awk 'NR==1&&!/^ /{n=$0}NR!=1&&!/^ /{print n,p; n=$0; p="";}/^ /{p=p";"$0;}END{print n,p;}' | sed 's/        //' | sed 's/ ;/;/'

Marko, can you output that to a text file?

Thanks Jozko, to where does this command output the file to?

Below is the command I usually execute to extract all locally defined users:

==>   fwm dbexport -f /tmp/VPN_Users_.xls

Then I will FTP the file out of the Manager to a desired location.

Just replace /path/to/folder/ to the desired location

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/ //' | sed 's/        //' > /path/to/folder/users_expiration_dates.txt

Thank you...works like a charm.

I managed to extract the report.

I'd like to do some formatting of the text file...how can I have the user name and the expiry date on the same line?

Jozko, can you please add another field "comment" to the query?

Just replace /path/to/folder/users_expiration_dates.txt to the desired location.

echo -e "query users, administrator='false' \nquit" | dbedit -local | grep -E 'Object Name: |expiration_date:|comments: ' | sed 's/Object Name://g' | sed 's/expiration_date://g' | sed 's/comments://g' | sed 's/ //' | sed 's/        //' | sed 's/    //' | paste -d' ' - - - > /path/to/folder/users_expiration_dates.txt‍‍

Every user + expiration date + comment is in the separate line.

Thank you Jozko, this is very powerful! Thanks again - you made my day.

Thanks Tomer for the info.

Hi Tomer,

any estimate? It's been for a while...

We are on R80.20 and this is still an issue. Is there any fix coming?

Expiration date shows in Object Explorer from R80.20 onward.
Click on Objects in the upper left and select Object Explorer.
Then choose Users > Users.

Hi. Thanks for those posts here. But how do i Update all the Users in one Bulk Update via the gui.. I can see all Infos in the Object Explorer, but can only change this for one object at the same time.. i need to modify 300 Users.

Any hint for me.. Thanks

bye

roman

Can’t be done via SmartConsole but can be scripted via the API.
See: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Change-expiration-date-of-users-u...