Avatar of meade470
meade470
 asked on

Finding age of administrator accounts on multiple machines in AD using powershell?

How would we search through multiple AD objects (machines) to find the password age for the account Administrator? I'd also like limit it to a search group. Here is what I have thus far:

Param
(
       [Parameter(Position=0,Mandatory=$false)]
       [ValidateNotNullorEmpty()]
       [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
       [Parameter(Position=1,Mandatory=$false)]
       [Alias('un')][String[]]$AccountName,
       [Parameter(Position=2,Mandatory=$false)]
       [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
       
$Obj = @()

Foreach($Computer in $ComputerName)
{
       If($Credential)
       {
              $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
              -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
       }
       else
       {
              $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
              -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
       }
       
       Foreach($LocalAccount in $AllLocalAccounts)
       {
              $Object = New-Object -TypeName PSObject
              
              $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
              $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
              $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
      $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
      $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
      $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
              $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
              $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
              $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
              $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
              $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
              $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
              $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
              $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
           $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value $LocalAccount.PasswordAge
        
              
              $Obj+=$Object
       }
       
       If($AccountName)
       {
              Foreach($Account in $AccountName)
              {
                     $Obj|Where-Object{$_.Name -like "$Account"}
              }
       }
       else
       {
              $Obj
       }
} 

Open in new window

PowershellActive DirectoryScripting Languages

Avatar of undefined
Last Comment
McKnife

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck