Link to home
Start Free TrialLog in
Avatar of LindyS
LindySFlag for United States of America

asked on

Powershell Script To Query Active Directory

I need a PowerShell to query active directory, and return a list of enabled users with expired passwords or passwords that are about to expire. (In less than 1 month)
Avatar of zulazen
zulazen
See if this entry in my blog helps.  You should be able to pull the cmdlets out of the script you need.

http://ps1scripting.blogspot.com/2012/07/active-directory-user-password.html?m=1
Avatar of becraig
becraig
Flag of United States of America image
$dated = (Get-DAte).AddDays(-30)
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | %  { if ($_.passwordlastset -lE $dated) {write-host $_.displayname $_.passwordlastset } }

Open in new window

Avatar of LindyS
LindyS
Flag of United States of America image

ASKER

zulazen - What you have looks like it will get me close to what I need. The only problem is I need the list in a CSV, not emailed to the users.
I would like the user's name and when their password will expire.

becraig - Your solution also gets me close to what I need, but I'm having trouble getting it out to a file correctly. I can't use it if it only displays the users to the screen.
Avatar of becraig
becraig
Flag of United States of America image
$dated = (Get-DAte).AddDays(-30)
$fulllist = @()
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | %  { 
if ($_.passwordlastset -lE $dated) 
    {
	$pwditem = New-Object PSObject
	$pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName()
	$pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordlastset()
	$fulllist += $pwditem 
    } 
}
$fulllist | export-csv c:\filename.csv -nti

Open in new window

Avatar of LindyS
LindyS
Flag of United States of America image

ASKER

becraig - When I try to run that, I get the following error;

Method invocation failed because [Selected.Microsoft.ActiveDirectory.Management.ADUser] does not contain a method named 'DisplayName'.
At line:7 char:2
+     $pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (DisplayName:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
 
Method invocation failed because [Selected.Microsoft.ActiveDirectory.Management.ADUser] does not contain a method named 'passwordlastset'.
At line:8 char:2
+     $pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordl ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (passwordlastset:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
ASKER CERTIFIED SOLUTION
Avatar of becraig
becraig
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LindyS
LindyS
Flag of United States of America image

ASKER

Thanks! That got me what I needed.