Trying to pull some information from AD through Powershell, Specifically: samaccountname First Name Last Name Last Logon Date Password Last Set Enabled Password Policy applied
The way that I am proving password policy applied is with Get-ADUserResultantPasswordPolicy, and using the appliesto attribute to show where the user is getting their policy, since we are using fine grain password policies.
get-adgroupmember <Group> -Recursive | % {get-aduser $_ -properties *}| select samaccountname,givenname,surname,lastlogondate,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}},enabled,@{name="MemberOf"; Expression={ $(Get-ADUserResultantPasswordPolicy $_) | select (@{Expression={ ($_.AppliesTo|%{$_.split(',')[0].substring(3)}) }})}} | OGV
This command actually pulls all of the requested information
samaccountname givenname surname lastlogondate PwdLastSet enabled MemberOf
-------------- --------- ------- ------------- ---------- ------- --------
<Account> <First> <Last> <Date> <Date> True @{ ($_.AppliesTo|%{$_.split(',')[0].substring(3)}) =<Applies to Group>}
I am trying to figure out why it's adding that extra bit '@{ ($.AppliesTo|%{$.split(',')[0].substring(3)}) =' before showing the resultantpolicy.appliesto.
This is expected behavior - if you fail to supply a name or label alongside a calculated expression,
Select-Objectwill use the expression's own source code extent as the resulting property name:Skip the nested
Selectpipeline and instead useForEach-Object(alias%) to calculate the property value(s) directly: