Why is this PS cmd failing?

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS U:\>  $dr = [ADSI]"LDAP://OU=<OU>,DC=<DC>,DC=<DC>"
PS U:\> $ds = New-Object DirectoryServices.DirectorySearcher
PS U:\> $ds.SearchRoot=$dr
PS U:\> $ds.filter = "(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
PS U:\>
PS U:\> $colResults = $ds.FindAll()
Exception calling "FindAll" with "0" argument(s): "An invalid dn syntax has been specified.
"
At line:1 char:26
+ $colResults = $ds.FindAll <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

PS U:\> foreach ($objResult in $colResults)
>> {
>>     $objItem = $objResult.Properties;
>>     $objItem.name, [DateTime]::FromFileTime($objItem.lastlogon[0])
>> }
>>
LVL 2
BrianRBAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BrianRBAuthor Commented:
Sorry, that's not the entire thing...here you go........


Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS U:\>  $dr = [ADSI]"LDAP://OU=<OU>,DC=<DC>,DC=<DC>"
PS U:\> $ds = New-Object DirectoryServices.DirectorySearcher
PS U:\> $ds.SearchRoot=$dr
PS U:\> $ds.filter = "(&(objectCategory=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
PS U:\>
PS U:\> $colResults = $ds.FindAll()
Exception calling "FindAll" with "0" argument(s): "An invalid dn syntax has been specified.
"
At line:1 char:26
+ $colResults = $ds.FindAll <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

PS U:\> foreach ($objResult in $colResults)
>> {
>>     $objItem = $objResult.Properties;
>>     $objItem.name, [DateTime]::FromFileTime($objItem.lastlogon[0])
>> }
>>
Cannot index into a null array.
At line:4 char:64
+     $objItem.name, [DateTime]::FromFileTime($objItem.lastlogon[ <<<< 0])
    + CategoryInfo          : InvalidOperation: (0:Int32) [], RuntimeException
    + FullyQualifiedErrorId : NullArray

PS U:\>
0
BrianRBAuthor Commented:
ok i found some problems with it....basically here is what i need is this.....a cmdlt that shows all accounts that are set to never change password and their last true logon time.  i opened a previous case and someone suggested using adfind.  it worked perfect.  the more i thought about it last night, the more i realized i really do need to get it via ps.  when it comes to ps, i have not a single clue of what i'm doing. :)
0
Dale HarrisProfessional Services EngineerCommented:
Try this:

$daysSinceLastLogon=60
$d=(get-date).AddDays(-$daysSinceLastLogon).ToFiletimeUTC()
$Users = Get-QADUser -PasswordNeverExpires -sizelimit 0 -ldapfilter "(lastLogonTimeStamp<=$d)"
$Users

Thanks to http://dmitrysotnikov.wordpress.com/2008/07/18/finding-the-latest-logon-time/

Dale Harris
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Dale HarrisProfessional Services EngineerCommented:
This would filter out anyone that hasn't logged in for 60 days.  If you want a list of all users that passwords are set to not expire, then show the lastlogontimestamp for those, very close to the original script:

$Users = Get-QADUser -PasswordNeverExpires -sizelimit 0
$Users | ft Name,LastLogonTimeStamp
0
BrianRBAuthor Commented:
PS U:\> $daysSinceLastLogon=60
PS U:\> $d=(get-date).AddDays(-$daysSinceLastLogon).ToFiletimeUTC()
PS U:\> $Users = Get-QADUser -PasswordNeverExpires -sizelimit 0 -ldapfilter "(lastLogonTimeStamp<=$d)"
The term 'Get-QADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:21
+ $Users = Get-QADUser <<<<  -PasswordNeverExpires -sizelimit 0 -ldapfilter "(lastLogonTimeStamp<=$d)"
    + CategoryInfo          : ObjectNotFound: (Get-QADUser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS U:\> $Users
PS U:\>
PS U:\>
0
Dale HarrisProfessional Services EngineerCommented:
Or even shorter still, but doesn't involve putting it into an array:

Get-QADUser -PasswordNeverExpires -sizelimit 0 | ft Name,LastLogonTimeStamp

Good luck!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BrianRBAuthor Commented:
yeah i don't need 60 days...need it all :)
0
Dale HarrisProfessional Services EngineerCommented:
You have to make sure you are using the AD CMDlets from Quest.
http://www.quest.com/powershell/activeroles-server.aspx

Then either in your startup script, or in your actual script, do this:

Install-PSSnapin "*quest*"

If you want more help with this, check out my article here:
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/A_4327-PowerShell-Where-do-I-start.html

It has a great listing of AD commands, and it also points back to a great starter article.

DH
0
BrianRBAuthor Commented:
ah...got ya...ok so dide that...but need it to show the actual last logon stamp...you're a good man sir
0
BrianRBAuthor Commented:
You're my hero.... Merry Christmas to you Sir.
0
Dale HarrisProfessional Services EngineerCommented:
Well I'm not at work right now, so I'm going to shoot from the hip here.

$Users = Get-QADUser -PasswordNeverExpires -sizelimit 0
foreach ($User in $Users){
$NewLogon = [datetime]::FromFileTime($User.LastLogonTimeStamp)
$Name = $User.name
Write-Host "$Name $NewLogon"
}

DH
0
Dale HarrisProfessional Services EngineerCommented:
Merry Christmas to you!
0
BrianRBAuthor Commented:
ok that's odd.....

using this cmd........Get-QADUser -PasswordNeverExpires -sizelimit 0 | ft Name,LastLogonTimeStamp

i plug it into powergui editor and it works like a champ....flip over to author mode and it doesn't show the time...it only shows name/type/dn
0
Dale HarrisProfessional Services EngineerCommented:
Try running it in your console.  Again, try to set up your profile with a startup that allows you to install any cmdlets.

If it helps at all, here's what I do to maximize my powershell-ing:

All scripts are edited with PowerGui

I only run it in the console.  That way, I can also run portions and make sure that every piece/block of my code is working correctly.

Good luck!
0
marek1712Commented:
I prefer to use standard cmdlets, so I'm not trying to use QuestAD.
Anyway - I hope you did replace the <OU> and <DC> tags with proper path?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.