Forum Discussion
AD active users who have not changed passwords in last 6 months
I am looking to see if someone can help or modify what is below to return me the value of active users in AD that have not changed passwords in last x amount of months. I found this in a microsof...
Hi
This is a quick one.
$d = [DateTime]::Today.AddDays(-180) Get-ADUser -Filter '((PasswordLastSet -lt $d) -or (LastLogonTimestamp -lt $d)) -and ((UserAccountControl -eq 512) -or (UserAccountControl -eq 66048)) ' -Properties PasswordLastSet,LastLogonTimestamp,UserAccountControl | ft Name,PasswordLastSet,@{N="LastLogonTimestamp";E={[datetime]::FromFileTime($_.LastLogonTimestamp)}}The Key is with an AD attribute named UserAccountControl. if the value of this attribute was 512 this mean that the user is active
if the value was 66048 this mean that the user is active with password never expires.
Try it
If this answer help, please click on Best Respone.
Hi
This is a quick one.
$d = [DateTime]::Today.AddDays(-180)
Get-ADUser -Filter '((PasswordLastSet -lt $d) -or (LastLogonTimestamp -lt $d)) -and ((UserAccountControl -eq 512) -or (UserAccountControl -eq 66048)) ' -Properties PasswordLastSet,LastLogonTimestamp,UserAccountControl | ft Name,PasswordLastSet,@{N="LastLogonTimestamp";E={[datetime]::FromFileTime($_.LastLogonTimestamp)}}The Key is with an AD attribute named UserAccountControl. if the value of this attribute was 512 this mean that the user is active
if the value was 66048 this mean that the user is active with password never expires.
Try it
If this answer help, please click on Best Respone.
Thank you, this worked!
