Finding age of administrator accounts on multiple machines in AD using powershell?

meade470
meade470 used Ask the Experts™
on
How would we search through multiple AD objects (machines) to find the password age for the account Administrator? I'd also like limit it to a search group. Here is what I have thus far:

Param
(
       [Parameter(Position=0,Mandatory=$false)]
       [ValidateNotNullorEmpty()]
       [Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
       [Parameter(Position=1,Mandatory=$false)]
       [Alias('un')][String[]]$AccountName,
       [Parameter(Position=2,Mandatory=$false)]
       [Alias('cred')][System.Management.Automation.PsCredential]$Credential
)
       
$Obj = @()

Foreach($Computer in $ComputerName)
{
       If($Credential)
       {
              $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
              -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
       }
       else
       {
              $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
              -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
       }
       
       Foreach($LocalAccount in $AllLocalAccounts)
       {
              $Object = New-Object -TypeName PSObject
              
              $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
              $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
              $Object|Add-Member -MemberType NoteProperty -Name "Caption" -Value $LocalAccount.Caption
      $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
      $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
      $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
              $Object|Add-Member -MemberType NoteProperty -Name "Password Changeable" -Value $LocalAccount.PasswordChangeable
              $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
              $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
              $Object|Add-Member -MemberType NoteProperty -Name "SID" -Value $LocalAccount.SID
              $Object|Add-Member -MemberType NoteProperty -Name "SID Type" -Value $LocalAccount.SIDType
              $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
              $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
              $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description
           $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value $LocalAccount.PasswordAge
        
              
              $Obj+=$Object
       }
       
       If($AccountName)
       {
              Foreach($Account in $AccountName)
              {
                     $Obj|Where-Object{$_.Name -like "$Account"}
              }
       }
       else
       {
              $Obj
       }
}

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018
Commented:
This is not saved to the AD object since the local admin is not in any way even related to AD.
To determine the age, run a domain startup script at the clients:
net user administrator>\\server\share\%computername%.txt

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial