AD Report using Powershell

  • Question

  • Hello,

    I have a somewhat complex question and situation. I want to know if there is a way to query AD using Powershell with the following criteria:

    1. User Account is Enabled

    and

    2. User Account has not logged in the past 90 days.

    or

    3. User Account is Enabled 

    and

    4. User Password is not set to never expire

    and

    5. User Password is expired

    The output would display the users: displayname, lastLogonDate, and pwdage (and if possible the exact amount of days since the user last logged on.)

    I have numbers 1 & 2 down, but do not know how to incorporate 3-5 to have it all display in one .csv export.

    Here is what I have thus far:

    import-module activedirectory

    Search-ADAccount -AccountInactive -TimeSpan 90 -UsersOnly -SearchBase "OU=User Accounts,DC=domain,DC=com" | Where-Object { $_.Enabled -eq $true } | Select-object Name, SamAccountName, LastLogonDate, PwAge | export-csv "c:\export.csv"

    Saturday, March 17, 2018 6:43 AM

All replies

  • 1 and 3 are identical.

    4 & 5 are mutually exclusive.

    From your criteria what you ask is not possible.


    \_(ツ)_/

    Saturday, March 17, 2018 8:37 AM
  • Hello,

    For password never expires below is the script:

    Search-ADAccount -PasswordNeverExpires -UsersOnly -ResultPageSize 2000 -ResultSetSize $null | Select-Object Name, SamAccountName, DistinguishedName | Export-Csv "C:\Temp\PassNeverExpiresUsers.CSV" -NoTypeInformation


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in any way, please click vote as helpful. Regards Udit

    Saturday, March 17, 2018 11:03 AM
  • Get-ADUser -Filter * -Properties Enabled, LastLogonDate, PasswordNeverExpires, PasswordExpired | Where-Object {($_.Enabled -eq $true -and $_.LastLogonDate -lt (Get-Date).AddDays(-90)) -or
    ($_.Enabled -eq $true -and $_.PasswordNeverExpires -eq $false -and $_.PasswordExpired -eq $true)} | Select-Object *, @{Name='DaysSinceLastLogon';Expression={if ($_.LastLogonDate) {((Get-Date) - $_.LastLogonDate).Days}}}
    Here you are
    Monday, March 19, 2018 4:14 PM
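
A combined report for the criteria in the question, as an added example that is not part of any post in this thread. The function name Get-StaleAccountReport is hypothetical, the sample objects are constructed, and the property names are the ones Get-ADUser returns when requested with -Properties.

```powershell
# Added example, not code from the thread. Get-StaleAccountReport is a hypothetical helper.
function Get-StaleAccountReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $InactiveDays = 90,
        [datetime] $Now = (Get-Date)
    )
    process {
        if (-not $User.Enabled) { return }   # criteria 1 and 3: enabled accounts only
        $reasons = @()
        # Criterion 2: no logon inside the window. A null LastLogonDate means the
        # account has never logged on; it is reported as inactive as well.
        if (-not $User.LastLogonDate -or $User.LastLogonDate -lt $Now.AddDays(-$InactiveDays)) { $reasons += 'Inactive' }
        # Criteria 4 and 5: the password is allowed to expire and has expired.
        if (-not $User.PasswordNeverExpires -and $User.PasswordExpired) { $reasons += 'PasswordExpired' }
        if ($reasons.Count -eq 0) { return }
        [pscustomobject]@{
            DisplayName        = $User.DisplayName
            SamAccountName     = $User.SamAccountName
            LastLogonDate      = $User.LastLogonDate
            DaysSinceLastLogon = if ($User.LastLogonDate) { ($Now - $User.LastLogonDate).Days }
            PasswordAgeDays    = if ($User.PasswordLastSet) { ($Now - $User.PasswordLastSet).Days }
            Reason             = $reasons -join ';'   # why the account is on the report
        }
    }
}

# Constructed sample objects so the selection logic can be checked without a domain.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ DisplayName='Stale User';   SamAccountName='stale';   Enabled=$true;  LastLogonDate=$now.AddDays(-120); PasswordLastSet=$now.AddDays(-30);  PasswordNeverExpires=$false; PasswordExpired=$false }
    [pscustomobject]@{ DisplayName='Expired Pw';   SamAccountName='expired'; Enabled=$true;  LastLogonDate=$now.AddDays(-5);   PasswordLastSet=$now.AddDays(-200); PasswordNeverExpires=$false; PasswordExpired=$true }
    [pscustomobject]@{ DisplayName='Active User';  SamAccountName='active';  Enabled=$true;  LastLogonDate=$now.AddDays(-2);   PasswordLastSet=$now.AddDays(-10);  PasswordNeverExpires=$false; PasswordExpired=$false }
    [pscustomobject]@{ DisplayName='Disabled Old'; SamAccountName='gone';    Enabled=$false; LastLogonDate=$now.AddDays(-400); PasswordLastSet=$now.AddDays(-400); PasswordNeverExpires=$false; PasswordExpired=$true }
)
$sample | Get-StaleAccountReport -Now $now | Format-Table -AutoSize

# Against a domain (requires the ActiveDirectory module; OU path taken from the question):
# Get-ADUser -Filter 'Enabled -eq $true' -SearchBase 'OU=User Accounts,DC=domain,DC=com' `
#   -Properties DisplayName, LastLogonDate, PasswordLastSet, PasswordNeverExpires, PasswordExpired |
#   Get-StaleAccountReport | Export-Csv 'C:\export.csv' -NoTypeInformation
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which can lag real logons by up to about two weeks, so review accounts close to the 90-day boundary before disabling them.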