Query for user accounts that have changed passwords in past 7 days

  • Question

  • Hi,

    I have a query in the below PowerShell script. My intention is to collect Active Directory user account details whose password has been changed in the past 7 days and also to confirm whether the account is enabled or disabled. From the below script I am able to get the account status, but not able to collect the details of users who have changed the password in the past 7 days.

    Can anyone please help me to correct this?

    param (
        $PwdAge = 7
    )
    $PwdDate = (Get-Date).AddDays(-$PwdAge).ToFileTime()
    (New-Object DirectoryServices.DirectorySearcher -Property @{
        Filter = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate))"
        PageSize = 500
    }).FindAll() | ForEach-Object {
        New-Object -TypeName PSCustomObject -Property @{
            samaccountname = [ADSI]'LDAP://cn=users,dc=oradev,dc=oracleorp,dc=com'
            pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
            enabled = -not [boolean]([int64]($_.properties.useraccountcontrol -join '') -band 2)
        }
    }


    Thursday, June 30, 2016 2:45 PM

Answers

  • Get-ADUser -Filter "PasswordLastSet -gt '$($(Get-Date).AddDays(-7))'" -Properties PasswordLastSet |
        Select Name,SamAccountName,PasswordLastSet,Enabled


    • Proposed as answer by Vincent Karunaidas Thursday, June 30, 2016 5:30 PM
    • Marked as answer by Mcteer Friday, July 1, 2016 4:29 AM
    Thursday, June 30, 2016 3:05 PM

All replies

  • Mcteer, your filter clause for pwdLastSet uses "<=" when it should be ">=". You want accounts where the password was last set after 7 days ago (from your description).

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, June 30, 2016 5:47 PM
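
The ">=" correction described above applied to the DirectorySearcher script from the question, as an added example that is not part of the original thread. Reading samaccountname from each search result instead of the [ADSI] bind, limiting the loaded attributes, and disposing the result collection are assumptions about what the script was meant to do.

```powershell
param (
    [int]$PwdAge = 7   # look-back window in days
)

# pwdLastSet is stored as a Windows FILETIME (100-ns intervals since 1601-01-01 UTC),
# so the cutoff date is converted before it goes into the LDAP filter.
$cutoff = (Get-Date).AddDays(-$PwdAge).ToFileTime()

$searcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    # ">=" keeps accounts whose password was set on or after the cutoff.
    # Accounts with pwdLastSet = 0 (must change password at next logon) never match.
    Filter   = "(&(objectclass=user)(objectcategory=person)(pwdlastset>=$cutoff))"
    PageSize = 500
}

# Ask the domain controller only for the attributes the report uses.
$searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', 'pwdlastset', 'useraccountcontrol'))

$results = $searcher.FindAll()
try {
    $results | ForEach-Object {
        $uac = [int64]($_.Properties['useraccountcontrol'] -join '')
        [PSCustomObject]@{
            # Taken from the search result itself, not from a separate [ADSI] bind
            SamAccountName = $_.Properties['samaccountname'] -join ''
            PwdLastSet     = [datetime]::FromFileTime([int64]($_.Properties['pwdlastset'] -join ''))
            # Bit value 2 of userAccountControl is ACCOUNTDISABLE
            Enabled        = -not [bool]($uac -band 2)
        }
    }
}
finally {
    # SearchResultCollection holds unmanaged resources until it is disposed
    $results.Dispose()
}
```

Sorting the output by PwdLastSet and comparing it against helpdesk reset tickets is one way to spot password changes that nobody requested.
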
  • Thanks a lot Mike, this works well.

    Friday, July 1, 2016 4:23 AM
  • Cheers, you're very welcome.

    Friday, July 1, 2016 12:33 PM