mirror of https://github.com/jaapbrasser/SharedScripts.git synced 2025-12-24 21:51:38 +02:00

Added -SearchBase switch to limit search

Jaap Brasser
2016-11-02 10:57:43 +01:00
parent 145ffe585a
commit b46cf1cbc7


@@ -6,29 +6,55 @@ Active Directory Script that queries for user accounts that have unchanged passw
This script will return the samaccountname, pwdlastset and if an account is currently enabled or disabled. This script is part of the Active Directory Friday section of my blog.
.NOTES
Name: Get-UnchangedPwdLastSet.ps1
Author: Jaap Brasser
Name: Get-UnchangedPwdLastSet.ps1
Author: Jaap Brasser
DateCreated: 2013-07-26
DateUpdated: 2015-09-21
Site: http://www.jaapbrasser.com
Site: http://www.jaapbrasser.com
.LINK
http://www.jaapbrasser.com/active-directory-friday-find-user-accounts-that-have-not-changed-password-in-90-days/
.PARAMETER PwdAge
The number of days since the password has been changed. This value defaults to 90.
The number of days since the password has been changed. This value defaults to 90
.PARAMETER SearchBase
The LDAP path of the OU that you would like to limit the search to
.EXAMPLE
.\Get-UnchangedPwdLastSet.ps1
Description
-----------
Returns the users that have unchanged passwords for longer than 90 days
.EXAMPLE
.\Get-UnchangedPwdLastSet.ps1 -PwdAge 180 -SearchBase 'LDAP://OU=Business,DC=jaapbrasser,DC=com'
Description
-----------
Returns the users with unchanged passwords for longer than 180 in the Business OU. This is a recursive search
#>
param (
$PwdAge = 90
[int] $PwdAge = 90,
[ValidatePattern('(?# OU Path should start with "LDAP://")^LDAP://.*')]
[string] $SearchBase
)
$PwdDate = (Get-Date).AddDays(-$PwdAge).ToFileTime()
(New-Object DirectoryServices.DirectorySearcher -Property @{
Filter = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate))"
$SearcherProps = @{
Filter = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate))"
PageSize = 500
}).FindAll() | ForEach-Object {
}
if ($SearchBase) {
$SearcherProps.SearchRoot = $SearchBase
}
(New-Object DirectoryServices.DirectorySearcher -Property $SearcherProps).FindAll() | ForEach-Object {
New-Object -TypeName PSCustomObject -Property @{
samaccountname = $_.Properties.samaccountname -join ''
pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
enabled = -not [boolean]([int64]($_.properties.useraccountcontrol -join '') -band 2)
pwdlastset = [datetime]::FromFileTime([long](-join $_.Properties.pwdlastset))
enabled = -not [bool]([long](-join $_.properties.useraccountcontrol) -band 2)
}
}
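Review bot: The `ValidatePattern` on `$SearchBase` in the new `param` block matches case-insensitively by default, so a value such as `ldap://OU=...` passes validation. As far as I know the ADSI provider prefix is case-sensitive, so that path would then fail at `FindAll()` with an opaque COM error instead of the validation hint. Making the match case-sensitive and requiring something after the prefix keeps the hint useful: `[ValidatePattern('(?# OU Path should start with "LDAP://")^LDAP://.+', Options = 'None')]`. The `.PARAMETER SearchBase` help could also state that the prefix must be upper-case and that the search covers the whole subtree below the given OU, because a base that is too narrow quietly shrinks the set of accounts this password-age audit reports.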