Extract from Active Directory last password change and test if 6 month

Time:12-18

I am trying to extract from my DC a user list with the last password change and compare this date to the current day, to test whether it is 10 days before 6 months have passed. My "if" test doesn't work. I think there is a date format problem, but I don't know. Can you help me?

$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Get-ADUser -Properties SamAccountName,Mail,PasswordLastSet | 
         Select-Object Name,SamAccountName,Mail,PasswordLastSet 

foreach ($user in $users) 
{
    if ( Get-Date.addDays(-10) -gt $($user.PasswordLastSet).AddDays(180) )
    {
        Write-Output $($user.SamAccountName) $($user.PasswordLastSet)
    }
}

CodePudding user response:

Get-Date.addDays(-10) is wrong and should be (Get-Date).AddDays(-10).

I would also suggest to drop the time part from that by using (Get-Date).AddDays(-10).Date so it effectively sets that reference date to midnight.

The Select-Object Name,SamAccountName,Mail,PasswordLastSet is redundant in this case.

Try something like this:

$refDate = (get-Date).AddDays(-10).Date

# Get-ADGroupMember can return users, groups, and computers. 
$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Where-Object { $_.objectClass -eq 'user' } |
         Get-ADUser -Properties EmailAddress, PasswordNotRequired, PasswordLastSet

foreach ($user in $users) {
    if (!$user.PasswordNotRequired) {  # some users may not need to have a password?
        if ($refDate -gt $user.PasswordLastSet.AddDays(180)) {
            Write-Output "$($user.SamAccountName) $($user.PasswordLastSet) $($user.EmailAddress)"
        }
    }
}

CodePudding user response:

Great, it works except for an error, but I think it's because of user.PasswordLastSet

$refDate = (Get-Date).AddDays(-10).Date

$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Get-ADUser -Properties EmailAddress, PasswordNotRequired, PasswordLastSet


foreach ($user in $users) {
    if (!$user.PasswordNotRequired) {  # some users may not need to have a password?
        if ($user.PasswordLastSet) {
            if ($refDate -gt $user.PasswordLastSet.AddDays(180)) {
                Write-Output "$($user.SamAccountName) $($user.PasswordLastSet) $($user.EmailAddress)"
            }
        }
    }
}
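
An added example (not code from any of the posts above) that classifies accounts against the 180-day limit with a 10-day warning window, using constructed sample accounts instead of a live Get-ADUser query so it runs offline. With $refDate set ten days in the past, `$refDate -gt PasswordLastSet.AddDays(180)` only becomes true once a password is more than 190 days old, so this version computes the days remaining and warns when 10 or fewer are left. The function name Get-PasswordAgeStatus, the status labels and the sample accounts are assumptions made for the example.

```powershell
# Added example: Get-PasswordAgeStatus and its status labels are hypothetical names.
function Get-PasswordAgeStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $MaxAgeDays = 180,
        [int] $WarnDays   = 10,
        [datetime] $Today = (Get-Date).Date
    )
    process {
        $status   = 'OK'
        $daysLeft = $null
        if ($User.PasswordNotRequired -or $User.PasswordNeverExpires) {
            $status = 'Exempt'            # the age limit does not apply to these accounts
        }
        elseif (-not $User.PasswordLastSet) {
            # Null when no password was ever set or a change is forced at next logon.
            $status = 'NeverSet'
        }
        else {
            # Compare dates at midnight so the time of day does not shift the result.
            $expires  = $User.PasswordLastSet.Date.AddDays($MaxAgeDays)
            $daysLeft = [int](($expires - $Today).TotalDays)
            if     ($daysLeft -lt 0)          { $status = 'Expired' }
            elseif ($daysLeft -le $WarnDays)  { $status = 'ExpiringSoon' }
        }
        [pscustomobject]@{
            SamAccountName  = $User.SamAccountName
            PasswordLastSet = $User.PasswordLastSet
            DaysLeft        = $daysLeft
            Status          = $status
        }
    }
}

# Constructed sample accounts (stand-ins for Get-ADUser output) and a fixed "today".
$today  = [datetime]'2024-07-01'
$sample = @(
    [pscustomobject]@{ SamAccountName='alice'; PasswordLastSet=$today.AddDays(-100); PasswordNotRequired=$false; PasswordNeverExpires=$false }
    [pscustomobject]@{ SamAccountName='bob';   PasswordLastSet=$today.AddDays(-175); PasswordNotRequired=$false; PasswordNeverExpires=$false }
    [pscustomobject]@{ SamAccountName='carol'; PasswordLastSet=$today.AddDays(-185); PasswordNotRequired=$false; PasswordNeverExpires=$false }
    [pscustomobject]@{ SamAccountName='dave';  PasswordLastSet=$null;                PasswordNotRequired=$false; PasswordNeverExpires=$false }
    [pscustomobject]@{ SamAccountName='svc01'; PasswordLastSet=$today.AddDays(-400); PasswordNotRequired=$false; PasswordNeverExpires=$true }
)

# alice: OK, bob: ExpiringSoon, carol: Expired, dave: NeverSet, svc01: Exempt
$sample | Get-PasswordAgeStatus -Today $today | Format-Table -AutoSize
```

Against a real directory, pipe the output of `Get-ADUser -Properties PasswordLastSet, PasswordNotRequired, PasswordNeverExpires` into the function in place of `$sample`.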