bsharath
asked on
PowerShell script to query an OU with users and update the last password reset date and last used date.
Hi,
PowerShell script to query an OU with users and update the last password reset date and last used date.
Like
(Password reset : 10 days) (Last logged in : 5 days)
Regards
sharath
Remember that lastLogon is not replicated. If accuracy is important then all DCs in the domain must be queried.
PasswordLastSet is replicated and isn't a problem.
Chris
You wanted to write that to the description?
The SearchRoot on the third line defines the accounts it looks for. And -Enabled tells it only to look at enabled user accounts.
Chris
# Collected results, keyed by distinguished name
$Users = @{}
# lastLogon is not replicated, so ask every domain controller
Get-QADComputer -ComputerRole DomainController | ForEach-Object {
    Get-QADUser -SearchRoot "domain.com/Offices" -Enabled -Service $_.Name -SizeLimit 0 |
    Select-Object DN, LastLogon, PasswordLastSet | ForEach-Object {
        If ($Users.$($_.DN)) {
            # Already seen on another DC: keep the more recent LastLogon
            $Users.$($_.DN) = $_ | Select-Object DN, PasswordLastSet,
                @{n='LastLogon';e={
                    If ($_.LastLogon -gt $Users.$($_.DN).LastLogon) {
                        $_.LastLogon
                    } Else {
                        $Users.$($_.DN).LastLogon
                    } }}
        } Else {
            $Users.Add($_.DN, $_)
        }
    }
}
# Write the ages, in days, to each user's description
$Users.Values | ForEach-Object {
    $PasswordReset = (New-TimeSpan $_.PasswordLastSet).Days
    $LastLogon = (New-TimeSpan $_.LastLogon).Days
    Set-QADUser $_.DN -Description "(Password reset : $PasswordReset days) (Last logged in : $LastLogon days)"
}
ASKER
Thanks
If the root I want to scan is this, should the line be like this?
domain.com/Offices/China/Users
Should I mention the DC's name?
Yes for the root, and no for the DCs, the first line finds your DCs for you.
Chris
ASKER
I get this
Get-QADUser : Cannot resolve directory object for the given identity:
Is it highlighting the search root there? As with the last one, I can't help you with paths within your own directory.
Chris
Same as the other, hard-coded Domain Controller names.
Chris
# Domain controllers to query, hard-coded
$DomainControllers = "dc1", "dc2", "dc3", "dc4"
# Collected results, keyed by distinguished name
$Users = @{}
$DomainControllers | ForEach-Object {
    Get-QADUser -SearchRoot "domain.com/Offices" -Enabled -Service $_ -SizeLimit 0 |
    Select-Object DN, LastLogon, PasswordLastSet | ForEach-Object {
        If ($Users.$($_.DN)) {
            # Already seen on another DC: keep the more recent LastLogon
            $Users.$($_.DN) = $_ | Select-Object DN, PasswordLastSet,
                @{n='LastLogon';e={
                    If ($_.LastLogon -gt $Users.$($_.DN).LastLogon) {
                        $_.LastLogon
                    } Else {
                        $Users.$($_.DN).LastLogon
                    } }}
        } Else {
            $Users.Add($_.DN, $_)
        }
    }
}
# Write the ages, in days, to each user's description
$Users.Values | ForEach-Object {
    $PasswordReset = (New-TimeSpan $_.PasswordLastSet).Days
    $LastLogon = (New-TimeSpan $_.LastLogon).Days
    Set-QADUser $_.DN -Description "(Password reset : $PasswordReset days) (Last logged in : $LastLogon days)"
}
ASKER
I have 4 users in the OU and the script has been running for 20 minutes and does not end.
I'll have to check it tomorrow then, I have nothing here I can test against.
Chris
ASKER
Ok
any help on this
https://www.experts-exchange.com/questions/26305953/Query-a-OU-and-all-Ou's-below-it-and-get-each-users-membership-and-count-alone.html
https://www.experts-exchange.com/questions/26305931/Powershell-script-to-find-all-users-who-is-not-set-to-default-storage-quota-Query-all-users-in-an-OU-and-below-them.html
ASKER
Thanks
For a few I get this:
(Password reset : 8 days) (Last logged in : - days)
Does this mean the user never logged in?
Yes, or rather, never logged into the DCs specified.
Chris
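An added example, not code from the thread or from the Quest cmdlets: the merge step the scripts above perform, isolated so it runs without a domain. It keeps the newest lastLogon seen across DCs and prints "-" when no queried DC holds a value. The sample rows, DNs, fixed date and the function names Get-DaysAgo and Merge-LogonRows are constructed for illustration.

```powershell
# Constructed sample data: one row per user per DC, shaped like the
# DN / LastLogon / PasswordLastSet objects selected in the thread's scripts.
$now = [datetime]'2024-01-15'   # fixed "today" so the result is repeatable
$dnA = 'CN=User A,OU=Users,OU=China,OU=Offices,DC=domain,DC=com'
$dnB = 'CN=User B,OU=Users,OU=China,OU=Offices,DC=domain,DC=com'
$rows = @(
    [pscustomobject]@{ DC='dc1'; DN=$dnA; LastLogon=[datetime]'2023-12-20'; PasswordLastSet=[datetime]'2024-01-05' }
    [pscustomobject]@{ DC='dc2'; DN=$dnA; LastLogon=[datetime]'2024-01-10'; PasswordLastSet=[datetime]'2024-01-05' }
    [pscustomobject]@{ DC='dc3'; DN=$dnA; LastLogon=$null; PasswordLastSet=[datetime]'2024-01-05' }
    [pscustomobject]@{ DC='dc1'; DN=$dnB; LastLogon=$null; PasswordLastSet=[datetime]'2024-01-07' }
    [pscustomobject]@{ DC='dc2'; DN=$dnB; LastLogon=$null; PasswordLastSet=[datetime]'2024-01-07' }
)

function Get-DaysAgo {
    param($Date, [datetime] $Now)
    # No value means the attribute was never set on any DC that was queried.
    if (-not $Date) { return '-' }
    (New-TimeSpan -Start $Date -End $Now).Days
}

function Merge-LogonRows {
    param([object[]] $Rows, [datetime] $Now)
    $Rows | Group-Object -Property DN | ForEach-Object {
        $group = $_.Group
        # lastLogon is stored per DC, so the real value is the newest one seen.
        $lastLogon = $group | Where-Object { $_.LastLogon } |
            Sort-Object -Property LastLogon -Descending |
            Select-Object -First 1 -ExpandProperty LastLogon
        # PasswordLastSet is replicated, so any row that carries it will do.
        $pwdSet = $group | Where-Object { $_.PasswordLastSet } |
            Select-Object -First 1 -ExpandProperty PasswordLastSet
        $pwdDays   = Get-DaysAgo $pwdSet $Now
        $logonDays = Get-DaysAgo $lastLogon $Now
        $text = "(Password reset : $pwdDays days) (Last logged in : $logonDays days)"
        [pscustomobject]@{ DN = $_.Name; Description = $text }
    }
}

Merge-LogonRows -Rows $rows -Now $now | Format-List
# To write the result back, pass each row to Set-QADUser as the thread's scripts do:
#   Set-QADUser $_.DN -Description $_.Description
```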