• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 885
  • Last Modified:

need report of users that haven't changed password in 60 days - Powershell to CSV

need to export all users whos password hasnt been changed in the last 60 days

OU level
Jorge Ocampo
Jorge Ocampo
  • 2
1 Solution

Please try following code from AD Module for PowerShell.

Get-ADUser -Filter * -Properties distinguishedname,cn,passwordlastset | where{$_.passwordlastset -ne $null} | where{$_.passwordlastset -le ((get-date).adddays(-60))} | select name,samaccountname,@{n='ParentContainer';e={$_.distinguishedname -replace '^.+?,(CN|OU.+)','$1'}} | export-csv userlist.csv -notypeinformation
Jorge OcampoAuthor Commented:
where do i specify the OU location what does the -replace do?
You don't need to specify a OU as it runs on the complete domain and creates a list of all users whose last password set is older than 60 days. There will be a column with heading Parent Container which will give the OU name in which user account exists.

Output  of Get-AdUser does not contain Name of the OU for a user account. So this command takes the value in  distinguishedname attribute and trims it to take the OU name from it. -replace is used for this trimming.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now