Solved

Powershell Password settings report

Posted on 2014-09-07
2
361 Views
Last Modified: 2014-09-08
Hi,

The security manager of the company I'm working at wants me to create a report that contains the following information about AD user attributes:
passwordneverexpires
passwordnotrequired
cannotchangepassword

I'm able to find users that have one of these attributes set, but it's getting difficult for me at the next point.
Some accounts do have two attributes set, like passwordneverexpires and cannotchangepassword
The security manager only wants to have accountnames to occur only one time in the report.
So, if an account has one of the three attributes set, it must occur one time in the report.
If an account has two, or three attributes set, it also must appear only once in the report.
I figured out all the possible combinations and am trying to get those in a script to have some reporting done.

I tried things like:
$OU=@("OU=test1,OU=test,DC=domain,DC=com","OU=test2,OU=test,DC=domein,DC=com")
$Users = $ou | foreach {get-aduser -searchbase $_ -Filter  {(Enabled -eq "True")}| select samaccountname | foreach {
$Username = $_.sAMAccountname
$ADuser = Get-ADUser -identity $Username –properties *
$Name = $AdUser.CN
$Logon = $AdUser.Samaccountname
$PWnotExp = $AdUser.PasswordNeverExpires
$PWnotReq =	$AdUser.PasswordNotRequired
$PWnotCha = $AdUser.CannotChangePassword

 If (($PWnotExp -eq $true -and $PWnotCha -eq $true) -and $PWnotReq -eq $true) {
 $NotExp= "V"
 $NotCha= "V"
 $NotReq= "V"

 If (($PWnotExp -eq $true -and $PWnotCha -eq $true) -and $PWnotReq -eq $false) {
 $NotExp= "V"
 $NotCha= "V"
 $NotReq= "X"
 ""|Select @{N="Name";E={$Name}}`
						 ,@{N="Logon";E={$Username}}`
						 ,@{N="Password Expires";E={$NotExp}}`
						 ,@{N="Password Required";E={$NotReq}}`
						 ,@{N="Can change Password";E={$NotCha}}|`
 Sort-object "Name" -descending | Export-Csv $Csv_Status -Delimiter ";" -nti -append
 
}	   
}			
}
}		

Open in new window


That doesn't work.
How can I make this work or does someone have another solution to get the values for this report ?
0
Comment
Question by:Loyall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40309287
You should be able to shorten that quite a bit.  Without changing "true" and "false" to "V" and "X", you can have
$OU=@("OU=test1,OU=test,DC=domain,DC=com","OU=test2,OU=test,DC=domein,DC=com")
$ou | foreach {get-aduser -searchbase $_ -Filter {Enabled -eq "True"} –properties CN,PasswordNeverExpires,PasswordNotRequired,CannotChangePassword } |
 Select @{N="Name";E={$_.CN}},
        @{N="Logon";E={$_.samAccountName}},
        @{N="Password Expires";E={$_.PasswordNeverExpires}},
        @{N="Password Required";E={$_.PasswordNotRequired}},
        @{N="Can change Password";E={$_.CannotChangePassword}} |
 Sort-Object "Name" -descending | Export-Csv $Csv_Status -Delimiter ";" -nti -append

Open in new window


If you need some sorting along OU lines, you can just adjust what the foreach scriptblock contains.  If you must have X and V, then you can add some If statements like:
If ( $_.PasswordNeverExpires )
    { $PWnotExp = "V" }
    Else
    { $PWnotExp = "X" }

Open in new window

The above (with a little modification) could actually be done within the calculated property, it's just a little harder to read.
0
 
LVL 2

Author Closing Comment

by:Loyall
ID: 40309866
Thanks (again) Footech !
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question