locked
Need help in fixing DN from Canonical name and the Timestamp is always set at: 1/01/1601 11:00:00 AM? RRS feed

  • Question

  • Hi People,

    I'd like to get some assistance in fixing the PowerShell script below to list the member of an AD security group called Domain Admins and export it to.CSV file.

    $ADGroupType = 'security'
    $ADGroupNamePattern = 'Domain Admins'
    $ResultFile = "C:\Admin.csv"
    
    function ConvertFrom-DN {
        [cmdletbinding()]
        param(
        [Parameter(Mandatory,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)] 
        [ValidateNotNullOrEmpty()]
        [string[]]$DistinguishedName
        )
        process {
            foreach ($DN in $DistinguishedName) {
            Write-Verbose $DN
                foreach ( $item in ($DN.replace('\,','~').split(","))) {
                    switch ($item.TrimStart().Substring(0,2)) {
                        'CN' {$CN = '/' + $item.Replace("CN=","")}
                        'OU' {$OU += ,$item.Replace("OU=","");$OU += '/'}
                        'DC' {$DC += $item.Replace("DC=","");$DC += '.'}
                    }
                } 
                $CanonicalName = $DC.Substring(0,$DC.length - 1)
                for ($i = $OU.count;$i -ge 0;$i -- ){$CanonicalName += $OU[$i]}
                if ( $DN.Substring(0,2) -eq 'CN' ) {
                    $CanonicalName += $CN.Replace('~','\,')
                }
                $qwer = [PSCustomObject]@{
    			    'CanonicalName' = $CanonicalName;
    		    }
                Write-Output $qwer
    
            }
        }
    }
    
    Function Get-ADGroupMemberRecursive {
    [CmdletBinding()]
    Param(
    	[Parameter(ValueFromPipeline=$true)]
    	$Identity,
    	[string[]]$Property
    )
    	Begin {
    		$splat = @{}
    		If ($Property) {$splat['Property'] = $Property}
    	}
    	Process {
    		Get-ADGroupMember -Identity $Identity | ForEach-Object {
    			If ($_.objectClass -eq 'User') {
    				Get-ADUser -Identity $_ @splat | Select-Object -Property @{n='Group'; e={$Identity.Name}}, whenCreated, lastLogon, lastLogonTimeStamp
    			} ElseIf ($_.objectClass -eq 'Group') {
    				Get-ADGroupMemberRecursive -Identity $_ @splat
    			}
    		}
    	}
    }
    
    Get-ADGroup -Filter "(groupCategory -eq '$ADGroupType') -AND (name -like '$($ADGroupNamePattern)')" |
    	Get-ADGroupMemberRecursive -Property Mail |
    	Select-Object Group, 
            Name, 
            SamAccountName, 
            Mail, 
            whenCreated, 
            @{n='Last Logon'; e={[datetime]::FromFileTime($_.lastLogon)}},
            @{n='Last Logon TimeStamp'; e={[datetime]::FromFileTime($_.lastLogonTimeStamp)}}, 
            @{n='OU Location'; e={ConvertFrom-DN ($_.DistinguishedName)}}  |
    	Export-Csv -Path $ResultFile -NoTypeInformation
    
    ii $ResultFile

    The problem with the script above is:

    1. The LastLogon date/time stamp is always showing as 1/01/1601 11:00:00 AM.
    2. The column that is filled correctly is just the AD Group Name and the TimeStamp like above?

    Thank you so much in advance.


    /* Server Support Specialist */

    Tuesday, March 19, 2019 12:21 PM

All replies

  • First look: seems like u didn't specify, that u want that attribute at all.   LastLogonTimeStamp isn't default property like Distinguishedname, Enabled...   

    Modify your wanted properties  (u just specified mail).   Year 1601 means its NULL/EMPTY..


    • Edited by Mekac Tuesday, March 19, 2019 1:00 PM
    • Proposed as answer by jrv Wednesday, March 20, 2019 12:50 AM
    Tuesday, March 19, 2019 12:59 PM
  • Also, instead of retrieving lastLogonTimestamp, which is a 64-bit integer that requires code to convert into a datetime, retrieve the LastLogonDate PowerShell property, which does the conversion into the local time zone for you. Much simpler.

    The LastLogonDate property is also not a default, so should be specified with the -Properties parameter.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Proposed as answer by jrv Wednesday, March 20, 2019 12:50 AM
    Tuesday, March 19, 2019 1:55 PM
  • Get-AdGroupMember <group> -Recursive

    You should always read the complete help for every CmdLet you wish to use.


    \_(ツ)_/

    Wednesday, March 20, 2019 12:50 AM