What is wrong with this code? Trying to pull pwLastSet date for all users in OU

Ron Walker jr 21 Reputation points

$verbosepreference = "continue"

$searchdate = '2020-07-02' #yyyy-MM-dd format
$searchbase = OU=365 - Insight Users,DC=ICPAZRDC2,DC=corp.****.com

$passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"

Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet
-searchbase $searchbase |
where { $.pwdLastSet -lt $passwordsNotChangedSince -and `
.pwdLastSet -ne 0 } |
Select-Object name,sAmAccountName,
} | Export-Csv c:\kits\test.csv

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,990 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
4,756 questions
No comments
{count} votes

Accepted answer
  1. SChalakov 9,376 Reputation points MVP


    I looked at the code and corrected some small syntax erros and now it is working (you need to adjust the $searchbase and if you want - the path to the csv):

    $verbosepreference = "continue"
    $searchdate = '2020-07-02' #yyyy-MM-dd format
    $searchbase = "OU=OU=365 - Insight Users,DC=Demo,DC=local"
    $passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
    write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"
    Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -searchbase $searchbase | where { ($_.pwdLastSet -lt $passwordsNotChangedSince) -and ($_.pwdLastSet -ne 0)} | Select-Object name,sAmAccountName,@{Name="PasswordLastSet";Expression={
    } | Export-Csv c:\temp\test1.csv

    I hope I could help out.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Best regards,

2 additional answers

Sort by: Most helpful
  1. Ron Walker jr 21 Reputation points


    Thanks for responding, but with this modified script I'm getting the following error. I'm not a strong PS user, so when you say change the $searchbase please explain?

    Please assist when possible.

    Get-ADUser : The supplied distinguishedName must belong to one of the following partition(s): 'DC=corp,DC=insightpartners,DC=com ,
    CN=Configuration,DC=corp,DC=insightpartners,DC=com , CN=Schema,CN=Configuration,DC=corp,DC=insightpartners,DC=com'.
    At line:1 char:2

    • Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -sea ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
    • FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

  2. Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,771 Reputation points Microsoft Vendor


    According to the error message, the distinguishedName of the OU in $searchbase is not correct. Try getting it by running this

    (Get-ADOrganizationalUnit -LDAPFilter '(name=365 - Insight Users*)').distinguishedname  

    Best Regards,
    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.