Share via

What is wrong with this code? Trying to pull pwLastSet date for all users in OU

Ron Walker jr 21 Reputation points
2021-04-29T16:02:54.76+00:00

$verbosepreference = "continue"

$searchdate = '2020-07-02' #yyyy-MM-dd format
$searchbase = OU=365 - Insight Users,DC=ICPAZRDC2,DC=corp.****.com

$passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"

Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet
-searchbase $searchbase |
where { $.pwdLastSet -lt $passwordsNotChangedSince -and `
$.pwdLastSet -ne 0 } |
Select-Object name,sAmAccountName,
@{Name="PasswordLastSet";Expression={
[datetime]::FromFileTimeUTC($_.pwdLastSet)
}
} | Export-Csv c:\kits\test.csv

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
0 comments
Accepted answer
  1. SChalakov 10,576 Reputation points MVP Volunteer Moderator
    2021-04-29T18:00:24.39+00:00

    Hi,

    I looked at the code and corrected some small syntax erros and now it is working (you need to adjust the $searchbase and if you want - the path to the csv): 

    $verbosepreference = "continue"

$searchdate = '2020-07-02' #yyyy-MM-dd format
$searchbase = "OU=OU=365 - Insight Users,DC=Demo,DC=local"

$passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"

Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -searchbase $searchbase | where { ($_.pwdLastSet -lt $passwordsNotChangedSince) -and ($_.pwdLastSet -ne 0)} | Select-Object name,sAmAccountName,@{Name="PasswordLastSet";Expression={
[datetime]::FromFileTimeUTC($_.pwdLastSet)
}
} | Export-Csv c:\temp\test1.csv

    I hope I could help out.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Best regards,
    Stoyan

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ron Walker jr 21 Reputation points
    2021-04-29T20:41:19.747+00:00

    Stoyan,

    Thanks for responding, but with this modified script I'm getting the following error. I'm not a strong PS user, so when you say change the $searchbase please explain?

    Please assist when possible.

    Get-ADUser : The supplied distinguishedName must belong to one of the following partition(s): 'DC=corp,DC=insightpartners,DC=com ,
    CN=Configuration,DC=corp,DC=insightpartners,DC=com , CN=Schema,CN=Configuration,DC=corp,DC=insightpartners,DC=com'.
    At line:1 char:2

    • Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -sea ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
    • FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
  2. Anonymous
    2021-04-30T06:47:00.763+00:00

    Hi,

    According to the error message, the distinguishedName of the OU in $searchbase is not correct. Try getting it by running this 

    (Get-ADOrganizationalUnit -LDAPFilter '(name=365 - Insight Users*)').distinguishedname

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.