Wednesday, November 19, 2014

Whose password is about to expire?

Working with dozens of different customers, I have seen this request come up a lot, so I came up with a few ways to collect this information. You can modify them and run your own version as required.

Many groups I have worked with have asked for lists of users whose passwords were on the verge of expiring. Here are a few of the most common methods I have shared with them:

To get a list of users in an OU whose passwords are older than 30 days, try this in PowerShell. Add return fields to the select section as desired:

Get-ADUser -SearchBase "ou=targetou,dc=domain,dc=com" -filter * -Properties * | select Displayname, PasswordLastSet | Where-Object {$_.PasswordLastSet -lt (Get-Date).AddDays(-30)}

If you have a list of login names in a text file for users scattered throughout the directory, you can try this:

Get-Content .\users.txt | ForEach-Object {Get-ADUser $_ -Properties * | select Displayname, PasswordLastSet} | Where-Object {$_.PasswordLastSet -lt (Get-Date).AddDays(-30)}

Sometimes, you get a list of "user names" that is actually a list of email addresses, in which case you can try this (and you can choose your own attribute filter if needed):

Get-Content .\emailaddress.txt | ForEach-Object {Get-ADUser -Filter {EmailAddress -eq $_} -Properties * | select SamAccountName, DisplayName, PasswordLastSet, EmailAddress} | Where-Object {$_.PasswordLastSet -lt (Get-Date).AddDays(-30)}
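The commands above report password age. As an added example (not the author's code) that goes one step further, the function below reads the expiry time Active Directory computes for each account, so the domain policy and any fine-grained password policies are taken into account. It assumes the ActiveDirectory module and domain controllers that expose the msDS-UserPasswordExpiryTimeComputed attribute; the function name, the 14-day default and the output field names are illustrative choices.

```powershell
# Added example, not the author's code. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-ExpiringPassword {
    [CmdletBinding()]
    param(
        # Placeholder OU from the post; replace with your own.
        [string]$SearchBase = 'ou=targetou,dc=domain,dc=com',
        # Assumed default: report passwords expiring within 14 days.
        [int]$WithinDays = 14
    )

    $now    = Get-Date
    $cutoff = $now.AddDays($WithinDays)

    # Skip disabled accounts and accounts flagged "password never expires".
    $filter = 'Enabled -eq $true -and PasswordNeverExpires -eq $false'
    $props  = 'DisplayName', 'PasswordLastSet', 'msDS-UserPasswordExpiryTimeComputed'

    Get-ADUser -SearchBase $SearchBase -Filter $filter -Properties $props |
        ForEach-Object {
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

            # 0 = must change at next logon; Int64.MaxValue = no expiry applies.
            # Neither converts to a meaningful date, so skip them.
            if ($null -eq $raw -or $raw -le 0 -or $raw -eq [Int64]::MaxValue) { return }

            $expires = [datetime]::FromFileTime($raw)
            if ($expires -le $cutoff) {
                [pscustomobject]@{
                    SamAccountName  = $_.SamAccountName
                    DisplayName     = $_.DisplayName
                    PasswordLastSet = $_.PasswordLastSet
                    Expires         = $expires
                    # Negative means the password has already expired.
                    DaysLeft        = [math]::Floor(($expires - $now).TotalDays)
                }
            }
        } |
        Sort-Object Expires
}

# Example call: accounts in the OU whose password expires in the next 7 days.
Get-ExpiringPassword -WithinDays 7 | Format-Table -AutoSize
```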

That should be a good jumping off point. Enjoy!!

"I have the POWER!!" (guess...)

- Peter Trast, MCITP EA, MCITP DBA, MCT
