• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

need report of users that haven't changed password in 60 days - Powershell to CSV

need to export all users whos password hasnt been changed in the last 60 days

OU level
0
Jorge Ocampo
Asked:
Jorge Ocampo
  • 2
1 Solution
 
SreRajCommented:
Hi,

Please try following code from AD Module for PowerShell.

Get-ADUser -Filter * -Properties distinguishedname,cn,passwordlastset | where{$_.passwordlastset -ne $null} | where{$_.passwordlastset -le ((get-date).adddays(-60))} | select name,samaccountname,@{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | export-csv userlist.csv -notypeinformation
0
 
Jorge OcampoAuthor Commented:
where do i specify the OU location what does the -replace do?
0
 
SreRajCommented:
You don't need to specify a OU as it runs on the complete domain and creates a list of all users whose last password set is older than 60 days. There will be a column with heading Parent Container which will give the OU name in which user account exists.

Output  of Get-AdUser does not contain Name of the OU for a user account. So this command takes the value in  distinguishedname attribute and trims it to take the OU name from it. -replace is used for this trimming.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now