LindyS
asked on
Powershell Script To Query Active Directory
I need a PowerShell to query active directory, and return a list of enabled users with expired passwords or passwords that are about to expire. (In less than 1 month)
$dated = (Get-DAte).AddDays(-30)
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | % { if ($_.passwordlastset -lE $dated) {write-host $_.displayname $_.passwordlastset } }
ASKER
zulazen - What you have looks like it will get me close to what I need. The only problem is I need the list in a CSV, not emailed to the users.
I would like the user's name and when their password will expire.
becraig - Your solution also gets me close to what I need, but I'm having trouble getting it out to a file correctly. I can't use it if it only displays the users to the screen.
I would like the user's name and when their password will expire.
becraig - Your solution also gets me close to what I need, but I'm having trouble getting it out to a file correctly. I can't use it if it only displays the users to the screen.
$dated = (Get-DAte).AddDays(-30)
$fulllist = @()
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | % {
if ($_.passwordlastset -lE $dated)
{
$pwditem = New-Object PSObject
$pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName()
$pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordlastset()
$fulllist += $pwditem
}
}
$fulllist | export-csv c:\filename.csv -nti
ASKER
becraig - When I try to run that, I get the following error;
Method invocation failed because [Selected.Microsoft.Active Directory. Management .ADUser] does not contain a method named 'DisplayName'.
At line:7 char:2
+ $pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~
+ CategoryInfo : InvalidOperation: (DisplayName:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Method invocation failed because [Selected.Microsoft.Active Directory. Management .ADUser] does not contain a method named 'passwordlastset'.
At line:8 char:2
+ $pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~
+ CategoryInfo : InvalidOperation: (passwordlastset:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Method invocation failed because [Selected.Microsoft.Active
At line:7 char:2
+ $pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (DisplayName:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Method invocation failed because [Selected.Microsoft.Active
At line:8 char:2
+ $pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (passwordlastset:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks! That got me what I needed.
http://ps1scripting.blogspot.com/2012/07/active-directory-user-password.html?m=1