none
Search-Adaccount expired 10 days ago RRS feed

  • Question

  • I'm looking to get a script that selects all users whoms account expired 10 days ago (or more). The script i've started dosent seem to pay attention to the 'where-object' part as it returns accounts with an expiration date closer than 10 days. 

    $date = (get-date).AddDays(-10).ToString("yyy/MM/dd")

    Search-ADAccount -UsersOnly -SearchBase "ou=xx,ou=xx,ou=xx,dc=xx,dc=xx" -AccountExpired | Where-Object {$_.AccountExpirationDate -le $date} 

    Br,

    Monday, January 23, 2017 1:32 PM

Answers

  • If you want the date with out the hours, convert into a datetime, similar to:

    $Date = [datetime](Get-Date).AddDays(-10).ToShortDateString()
    

    But a better way might be to use the -AccountExpiring parameter. This way you only retrieve the accounts you need:

    $Date = [datetime](Get-Date).AddDays(-10).ToShortDateString()
    Search-ADAccount -AccountExpiring -DateTime $Date
    
    Although I have not tested this with dates in the past.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Dan-Metronome Monday, January 23, 2017 3:27 PM
    Monday, January 23, 2017 3:21 PM
    Moderator

All replies

  • You have converted the datetime value into a string, which probably means the value is interpreted as yyy divided by MM and divided by dd. If for some reason you need to ignore the time part, you probably need to convert the value back into a datetime. Or find some other way to change the time to 00:00:00.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, January 23, 2017 1:47 PM
    Moderator
  • How would you go about to get only accounts that expired 10 days or more ago?
    Monday, January 23, 2017 2:57 PM
  • If you want the date with out the hours, convert into a datetime, similar to:

    $Date = [datetime](Get-Date).AddDays(-10).ToShortDateString()
    

    But a better way might be to use the -AccountExpiring parameter. This way you only retrieve the accounts you need:

    $Date = [datetime](Get-Date).AddDays(-10).ToShortDateString()
    Search-ADAccount -AccountExpiring -DateTime $Date
    
    Although I have not tested this with dates in the past.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Dan-Metronome Monday, January 23, 2017 3:27 PM
    Monday, January 23, 2017 3:21 PM
    Moderator
  • Thanks!

    Monday, January 23, 2017 3:27 PM

  • Search-ADAccount -AccountExpiring -DateTime ([datetime]::today.AddDays(-10))

    PowerShell understands datetime objects.  Just use them directly.


    \_(ツ)_/


    • Edited by jrv Monday, January 23, 2017 4:11 PM
    Monday, January 23, 2017 4:09 PM