SOLVED

AD active users who have not changed passwords in last 6 months

Copper Contributor

I am looking to see if someone can help or modify what is below to return me the value of active users in AD that have not changed passwords in the last x amount of months.

 

I found this in a Microsoft document and it works well; however, it brings in all users.

$d = [DateTime]::Today.AddDays(-180)

Get-ADUser -Filter '(PasswordLastSet -lt $d) -or (LastLogonTimestamp -lt $d)' -Properties PasswordLastSet,LastLogonTimestamp | ft Name,PasswordLastSet,@{N="LastLogonTimestamp";E={[datetime]::FromFileTime($_.LastLogonTimestamp)}}

 

Any help is appreciated. 

 

 

2 Replies
best response confirmed by dmk199 (Copper Contributor)
Solution

@dmk199 

Hi

This is a quick one. 

$d = [DateTime]::Today.AddDays(-180)

Get-ADUser -Filter '((PasswordLastSet -lt $d) -or (LastLogonTimestamp -lt $d)) -and ((UserAccountControl -eq 512) -or (UserAccountControl -eq 66048)) ' -Properties PasswordLastSet,LastLogonTimestamp,UserAccountControl | ft Name,PasswordLastSet,@{N="LastLogonTimestamp";E={[datetime]::FromFileTime($_.LastLogonTimestamp)}}

The key is with an AD attribute named UserAccountControl. If the value of this attribute was 512, this means that the user is active.

If the value was 66048, this means that the user is active with password never expires.

Try it.

If this answer helps, please click on Best Response.

 

Thank you, this worked!
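
An added example, not part of the original replies: it tests the ACCOUNTDISABLE bit (0x2) of userAccountControl with a bitwise match, so enabled accounts that carry other flags are included as well as the values 512 and 66048, and it narrows the query to password age only. It assumes the ActiveDirectory module (RSAT) and a reachable domain controller; `Test-UacEnabled`, `$months` and the sample values are hypothetical names and constructed data.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$ACCOUNTDISABLE = 0x0002   # userAccountControl bit that marks a disabled account

function Test-UacEnabled {
    param([int]$UserAccountControl)
    # Enabled means the ACCOUNTDISABLE bit is clear, whatever other bits are set.
    return (($UserAccountControl -band $ACCOUNTDISABLE) -eq 0)
}

# Constructed sample values: 512 and 66048 are the two from the answer,
# 514 and 66050 are the same accounts disabled, 544 adds PASSWD_NOTREQD (0x20).
foreach ($uac in 512, 514, 544, 66048, 66050) {
    '{0,6}  enabled={1}' -f $uac, (Test-UacEnabled $uac)
}

$months         = 6                                   # the "x amount of months"
$cutoff         = [DateTime]::Today.AddMonths(-$months)
$cutoffFileTime = $cutoff.ToFileTimeUtc()             # pwdLastSet is stored as a FILETIME

# LDAP filter: user objects, ACCOUNTDISABLE bit not set (bitwise AND matching
# rule 1.2.840.113556.1.4.803), password last set on or before the cutoff.
# Accounts with pwdLastSet=0 (must change password at next logon) match too.
$ldap = "(&(objectCategory=person)(objectClass=user)" +
        "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
        "(pwdLastSet<=$cutoffFileTime))"

Get-ADUser -LDAPFilter $ldap -Properties PasswordLastSet, LastLogonTimestamp, PasswordNeverExpires |
    Select-Object Name, SamAccountName, PasswordLastSet, PasswordNeverExpires,
        @{ N = 'LastLogonTimestamp'; E = {
            # Empty when the account has never logged on.
            if ($_.LastLogonTimestamp) { [DateTime]::FromFileTime($_.LastLogonTimestamp) }
        } } |
    Sort-Object PasswordLastSet
```

Piping the result to `Export-Csv` instead of the console keeps a dated record for follow-up on accounts with stale passwords.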