Powershell Script To Query Active Directory

I need a PowerShell to query active directory, and return a list of enabled users with expired passwords or passwords that are about to expire. (In less than 1 month)
LVL 3
LindySAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

zulazenCommented:
See if this entry in my blog helps.  You should be able to pull the cmdlets out of the script you need.

http://ps1scripting.blogspot.com/2012/07/active-directory-user-password.html?m=1
becraigCommented:
$dated = (Get-DAte).AddDays(-30)
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | %  { if ($_.passwordlastset -lE $dated) {write-host $_.displayname $_.passwordlastset } }

Open in new window

LindySAuthor Commented:
zulazen - What you have looks like it will get me close to what I need. The only problem is I need the list in a CSV, not emailed to the users.
I would like the user's name and when their password will expire.

becraig - Your solution also gets me close to what I need, but I'm having trouble getting it out to a file correctly. I can't use it if it only displays the users to the screen.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

becraigCommented:
$dated = (Get-DAte).AddDays(-30)
$fulllist = @()
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | %  { 
if ($_.passwordlastset -lE $dated) 
    {
	$pwditem = New-Object PSObject
	$pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName()
	$pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordlastset()
	$fulllist += $pwditem 
    } 
}
$fulllist | export-csv c:\filename.csv -nti

Open in new window

LindySAuthor Commented:
becraig - When I try to run that, I get the following error;

Method invocation failed because [Selected.Microsoft.ActiveDirectory.Management.ADUser] does not contain a method named 'DisplayName'.
At line:7 char:2
+     $pwditem | Add-Member -membertype NoteProperty -Name USER -Value $_.DisplayName ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (DisplayName:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
 
Method invocation failed because [Selected.Microsoft.ActiveDirectory.Management.ADUser] does not contain a method named 'passwordlastset'.
At line:8 char:2
+     $pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $_.passwordl ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (passwordlastset:String) [], RuntimeException
    + FullyQualifiedErrorId : MethodNotFound
becraigCommented:
Hmm here is an update (really rusty took too long off)

$dated = (Get-DAte).AddDays(-30)
$fulllist = @()
Get-ADUser -filter { Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, passwordlastset | select DisplayName, passwordlastset | %  { 
if ($_.passwordlastset -lE $dated) 
    {$uid = $_.DisplayName; $pwdval = $_.passwordlastset
	$pwditem = New-Object PSObject
	$pwditem | Add-Member -membertype NoteProperty -Name USER -Value $uid
	$pwditem | Add-Member -membertype NoteProperty -Name EXPIRY -Value $pwdval
	$fulllist += $pwditem 
    } 
}
$fulllist | export-csv c:\filename.csv -nti

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LindySAuthor Commented:
Thanks! That got me what I needed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.