DEVHIDE
Login Or Sign up

Extract from Active Directory last password change and test if 6 month

949 Views Asked by At

I try to extract form my DC user list with last password change and compare this date to the current days. Test if 10 Day before 6 month pass my test "if doesn't work, I think there is format date problem But I don't know. Can you help me ?

$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Get-ADUser -Properties SamAccountName,Mail,PasswordLastSet | 
         Select-Object Name,SamAccountName,Mail,PasswordLastSet 

foreach ($user in $users) 
{
    if ( Get-Date.addDays(-10) -gt $($user.PasswordLastSet).AddDays(180) )
    {
        Write-Output $($user.SamAccountName) $($user.PasswordLastSet)
    }
}
powershell dc
Original Q&A
2

There are 2 best solutions below

0
Theo On

Get-Date.addDays(-10) is wrong and should be (Get-Date).AddDays(-10).

I would also suggest to drop the time part from that by using (Get-Date).AddDays(-10).Date so it effectively sets that reference date to midnight.

The Select-Object Name,SamAccountName,Mail,PasswordLastSet is redundant in this case.

Try something like this:

$refDate = (get-Date).AddDays(-10).Date

# Get-ADGroupMember can return users, groups, and computers. 
$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Where-Object { $_.objectClass -eq 'user' } |
         Get-ADUser -Properties EmailAddress, PasswordNotRequired, PasswordLastSet

foreach ($user in $users) {
    if (!$user.PasswordNotRequired) {  # some users may not need to have a password?
        if ($refDate -gt $user.PasswordLastSet.AddDays(180)) {
            Write-Output "$($user.SamAccountName) $($user.PasswordLastSet) $($user.EmailAddress)"
        }
    }
}
1
Jérémie On

great, it works except for an error but i think it's beacause of user.passewordLastSet

$refDate = (Get-Date).AddDays(-10).Date

$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Get-ADUser -Properties EmailAddress, PasswordNotRequired, PasswordLastSet


foreach ($user in $users) {
    if (!$user.PasswordNotRequired) {  # some users may not need to have a password?
         if ($user.PasswordLastSet) {
            if ($refDate -gt $user.PasswordLastSet.AddDays(180)) {
                Write-Output "$($user.SamAccountName) $($user.PasswordLastSet) $($user.EmailAddress)"
            }
        }
    }
}

Related Questions in POWERSHELL

Related Questions in DC

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.