Home > Net >  Need to add pwdlastset to this working powershell script
Need to add pwdlastset to this working powershell script

Time:09-02

This script was written by someone else and is completely beyond me, I would like to also get pwdlastset added to the output.

    $NumDays = 90
$LogDir = ".\HaveNotLoggedInFor90Days.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<="   $lltIntLimit   "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.cn};n='Display Name'},`
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'}

$users | Export-CSV -NoType $LogDir

CodePudding user response:

$NumDays = 90
$LogDir = ".\HaveNotLoggedInFor90Days.csv"

$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<="   $lltIntLimit   "))"

$users = $objstalesearcher.findall() | select `
@{e={$_.properties.cn};n='Display Name'},`
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},
@{e={[datetime]::FromFileTime($_.properties.pwdlastset[0])};n='Password last set'}

$users | Export-CSV -NoType $LogDir

CodePudding user response:

enter image description here

Thats is what I get and you should get the same :-) To simplify the code you could also use the PowerShell cmdlets for ActiveDirectory (RSAT):

$NumDays = 90
$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()

$users = @(get-aduser -ldapfilter "(lastLogonTimeStamp<=$lltIntLimit)" -Properties passwordlastset,enabled,lastlogontimestamp,displayname)
$usersOutput = @(
    foreach ($u in $users){
        $attrsHt = @{
            DisplayName=$u.DisplayName
            UserName=$u.samaccountname
            LastLogon=[datetime]::FromFileTimeUtc($u.lastlogontimestamp)
            Enabled=$u.enabled
            PasswordLastSet=$u.passwordlastset
        }
        new-object -typename psobject -property $attrsht
    }
)

$usersOutput | export-csv -Delimiter ";" -NoClobber -NoTypeInformation -Encoding:utf8 -Path '.\HaveNotLoggedInFor90Days.csv'

Page link:https//www.codepudding.com/net/531232.html

Prev:Powershell Select and Use Specific Value
Next:PowerShell: convertfrom-securestring -securekey
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding