This script was written by someone else and is completely beyond me, I would like to also get pwdlastset added to the output.
$NumDays = 90
$LogDir = ".\HaveNotLoggedInFor90Days.csv"
$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" $lltIntLimit "))"
$users = $objstalesearcher.findall() | select `
@{e={$_.properties.cn};n='Display Name'},`
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'}
$users | Export-CSV -NoType $LogDir
CodePudding user response:
$NumDays = 90
$LogDir = ".\HaveNotLoggedInFor90Days.csv"
$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]''
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" $lltIntLimit "))"
$users = $objstalesearcher.findall() | select `
@{e={$_.properties.cn};n='Display Name'},`
@{e={$_.properties.samaccountname};n='Username'},`
@{e={[datetime]::FromFileTimeUtc([int64]$_.properties.lastlogontimestamp[0])};n='Last Logon'},`
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget('AccountDisabled')};n='Account Is Disabled'},
@{e={[datetime]::FromFileTime($_.properties.pwdlastset[0])};n='Password last set'}
$users | Export-CSV -NoType $LogDir
CodePudding user response:
Thats is what I get and you should get the same :-) To simplify the code you could also use the PowerShell cmdlets for ActiveDirectory (RSAT):
$NumDays = 90
$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$users = @(get-aduser -ldapfilter "(lastLogonTimeStamp<=$lltIntLimit)" -Properties passwordlastset,enabled,lastlogontimestamp,displayname)
$usersOutput = @(
foreach ($u in $users){
$attrsHt = @{
DisplayName=$u.DisplayName
UserName=$u.samaccountname
LastLogon=[datetime]::FromFileTimeUtc($u.lastlogontimestamp)
Enabled=$u.enabled
PasswordLastSet=$u.passwordlastset
}
new-object -typename psobject -property $attrsht
}
)
$usersOutput | export-csv -Delimiter ";" -NoClobber -NoTypeInformation -Encoding:utf8 -Path '.\HaveNotLoggedInFor90Days.csv'