What is wrong with this code? Trying to pull pwLastSet date for all users in OU

Ron Walker jr 21 Reputation points

$verbosepreference = "continue"

$searchdate = '2020-07-02' #yyyy-MM-dd format
$searchbase = OU=365 - Insight Users,DC=ICPAZRDC2,DC=corp.****.com

$passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"

Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet
-searchbase $searchbase |
where { $.pwdLastSet -lt $passwordsNotChangedSince -and `
.pwdLastSet -ne 0 } |
Select-Object name,sAmAccountName,
} | Export-Csv c:\kits\test.csv


Accepted answer
  1. SChalakov 9,141 Reputation points MVP


    I looked at the code and corrected some small syntax errors and now it is working (you need to adjust the $searchbase and if you want - the path to the csv):

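    $verbosepreference = "continue"
    $searchdate = '2020-07-02' #yyyy-MM-dd format
    # Replace with the distinguishedName of your own OU
    $searchbase = "OU=365 - Insight Users,DC=Demo,DC=local"
    # The second argument is the format string that describes $searchdate, not the date itself
    $passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'yyyy-MM-dd',$null)).ToFileTime()
    write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"
    # pwdLastSet is a FILETIME integer; 0 means the password must be changed at next logon
    # The Expression body was cut off in the post; converting pwdLastSet back to a date is assumed here
    Get-ADUser -filter { Enabled -eq $True } -Properties pwdLastSet -searchbase $searchbase |
        where { ($_.pwdLastSet -lt $passwordsNotChangedSince) -and ($_.pwdLastSet -ne 0) } |
        Select-Object name,sAmAccountName,@{Name="PasswordLastSet";Expression={ [datetime]::FromFileTimeUTC($_.pwdLastSet) }} |
        Export-Csv c:\temp\test1.csv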

    I hope I could help out.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Best regards,

2 additional answers

  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,766 Reputation points Microsoft Vendor


    According to the error message, the distinguishedName of the OU in $searchbase is not correct. Try getting it by running this

    (Get-ADOrganizationalUnit -LDAPFilter '(name=365 - Insight Users*)').distinguishedname  

    Best Regards,
    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Ron Walker jr 21 Reputation points


    Thanks for responding, but with this modified script I'm getting the following error. I'm not a strong PS user, so when you say change the $searchbase please explain?

    Please assist when possible.

    Get-ADUser : The supplied distinguishedName must belong to one of the following partition(s): 'DC=corp,DC=insightpartners,DC=com ,
    CN=Configuration,DC=corp,DC=insightpartners,DC=com , CN=Schema,CN=Configuration,DC=corp,DC=insightpartners,DC=com'.
    At line:1 char:2
    + Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -sea ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
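
An added example, not code from this thread or its participants: it checks a search base against the directory's partitions before querying, which is the condition the `Get-ADUser` error above reports, and then lists enabled users with a stale `pwdLastSet`. The function names, the `corp.example.com` domain and the output path are constructed for illustration; it assumes the ActiveDirectory module and a session that can reach the domain.

```powershell
# Added example, not from the thread. Function names are hypothetical.
Import-Module ActiveDirectory

# Each DNS label becomes its own DC= component:
# corp.example.com -> DC=corp,DC=example,DC=com
function ConvertTo-DomainDn {
    param([Parameter(Mandatory)][string]$DnsName)
    ($DnsName.Split('.') | ForEach-Object { "DC=$_" }) -join ','
}

# True when $Dn equals, or sits underneath, one of the directory partitions.
function Test-DnInPartition {
    param([Parameter(Mandatory)][string]$Dn, [Parameter(Mandatory)][string[]]$Partition)
    foreach ($p in $Partition) {
        if ($Dn -ieq $p -or $Dn.EndsWith(",$p", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-StalePasswordUser {
    param(
        [Parameter(Mandatory)][string]$SearchBase,
        [Parameter(Mandatory)][datetime]$NotChangedSince
    )
    # Partitions hosted by the directory this session is connected to
    [string[]]$partitions = (Get-ADRootDSE).namingContexts
    if (-not (Test-DnInPartition -Dn $SearchBase -Partition $partitions)) {
        throw "'$SearchBase' is outside this directory. Valid roots: $($partitions -join ' | ')"
    }
    # Stops with a clear error if the OU part is misspelled or missing
    $ou = Get-ADOrganizationalUnit -Identity $SearchBase -ErrorAction Stop

    # pwdLastSet is a FILETIME integer; 0 means "must change at next logon"
    $cutoff = $NotChangedSince.ToFileTime()
    Get-ADUser -Filter 'Enabled -eq $true' -Properties pwdLastSet -SearchBase $ou.DistinguishedName |
        Where-Object { $_.pwdLastSet -ne 0 -and $_.pwdLastSet -lt $cutoff } |
        Select-Object Name, SamAccountName,
            @{ Name = 'PasswordLastSet'; Expression = { [datetime]::FromFileTime($_.pwdLastSet) } }
}

# Constructed sample values; replace with your own domain and OU
$base = 'OU=365 - Insight Users,' + (ConvertTo-DomainDn 'corp.example.com')
Get-StalePasswordUser -SearchBase $base -NotChangedSince ([datetime]'2020-07-02') |
    Export-Csv -Path C:\temp\stale-passwords.csv -NoTypeInformation
```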