need report of users that haven't changed password in 60 days - Powershell to CSV

need to export all users whos password hasnt been changed in the last 60 days

OU level
LVL 2
Jorge OcampoAsked:
Who is Participating?
 
SreRajConnect With a Mentor Commented:
Hi,

Please try following code from AD Module for PowerShell.

Get-ADUser -Filter * -Properties distinguishedname,cn,passwordlastset | where{$_.passwordlastset -ne $null} | where{$_.passwordlastset -le ((get-date).adddays(-60))} | select name,samaccountname,@{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | export-csv userlist.csv -notypeinformation
0
 
Jorge OcampoAuthor Commented:
where do i specify the OU location what does the -replace do?
0
 
SreRajCommented:
You don't need to specify a OU as it runs on the complete domain and creates a list of all users whose last password set is older than 60 days. There will be a column with heading Parent Container which will give the OU name in which user account exists.

Output  of Get-AdUser does not contain Name of the OU for a user account. So this command takes the value in  distinguishedname attribute and trims it to take the OU name from it. -replace is used for this trimming.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.