Share via

need a powershell script to get passwordlastchanged from local user accounts across multiple computers

Shawn James 21 Reputation points
2021-11-10T22:03:25.847+00:00

i need to be able to get the password last changed date added to the table of user accounts in this script.
I have a script that will go into AD and pull all the computer accounts out, then ping each computer and if its alive WMIC to it and pull all the user accounts. it looks at AD for all computer accounts and outputs that to a CSV, then it uses that csv for the list of computers to go pull local accounts from. the table currently lists the computer name, account, and a few other details. i tried to add PwdLastSet and PasswordLastSet in my select statement but it just comes up empty. any ideas?

thanks,

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemVersion,ipv4Address | Export-CSV ADcomputerslist.csv -NoTypeInformation -Encoding UTF8

$server_list = Import-Csv -Path .\ADcomputerslist.csv

foreach ($Name in $server_list){
$Online = Test-Connection -ComputerName ($server_list.Name) -Quiet
if ($Online -eq "True")
{
Get-WmiObject -ComputerName ($server_list.Name) -Class Win32_UserAccount -Filter "LocalAccount = $true" |
Select-Object PSComputername, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable |
Export-CSV LocalAccount.csv
}
}

Windows for business | Windows Server | User experience | PowerShell
Windows for business | Windows Server | User experience | Other
Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments
Answer accepted by question author
  1. Rich Matheisen 48,026 Reputation points
    2021-11-11T15:27:06.873+00:00

    The property you want isn't available in the object returned by WMI (but you knew that). So, what you want needs help from the Get-LocalUser cmdlet.

    Here's a rearranged (and slightly enhanced) version of the code I posted earlier. 

    $server_list = Get-ADComputer -Filter * | 
                Select-Object Name,OperatingSystem,OperatingSystemVersion,ipv4Address 
$server_list | 
    Export-CSV ADcomputerslist.csv -NoTypeInformation -Encoding UTF8

Invoke-Command -ComputerName $server_list -ScriptBlock {        # NOTE: if the local machine is in $server_list it will generate an error.
        $props = @{
            PSComputername = ""
            Name = ""
            Status = ""
            Disabled = ""
            AccountType = ""
            Lockout = ""
            PasswordRequired = ""
            PasswordChangeable = ""
            PasswordLastSet = ""
        }
        Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = $true" -ErrorAction Continue 2>&1 |
            ForEach-Object{
                if ($_.pstypenames -contains "System.Management.Automation.ErrorRecord"){
                    # skip any errors
                    # if you want to report errors, the entire ErrorRecord is available in $_
                }
                else {
                    $props.PSComputername = $_.PSComputername
                    $props.Name = $_.name
                    $props.Status = $_.Status
                    $props.Disabled = $_.Disabled
                    $props.AccountType = $_.AccountType
                    $props.Lockout = $_.Lockout
                    $props.PasswordRequired = $_.PasswordRequired
                    $props.PasswordChangeable = $_.PasswordChangeable
                    $props.PasswordLastSet = (Get-LocalUser $_.Name).PasswordLastSet
                }
                [PSCustomObject]$props
            }
} | Export-Csv LocalAccount.csv -NoTypeInformation
    0 comments

6 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shawn James 21 Reputation points
    2021-11-11T18:30:25.693+00:00

    Thank you again! ill try your suggestion. for now i think i have a solution and hopefully anyone else looking for the same can make these two work. much appreciated!

    0 comments
  2. Georg Matviak 181 Reputation points
    2021-11-12T16:36:33.627+00:00

    Hello ShawnJames-7235,

    The Get-LocalUser cmdlet gets local user accounts. This cmdlet gets default built-in user accounts, local user accounts that you created, and local accounts that you connected to Microsoft accounts.

    PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.

    Do check out the below link for Better understanding.

    https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/get-localuser?view=powershell-5.1#notes

    Hope this answers all your queries, if not please do repost back.

    ----

    --If an Answer is helpful, please click "Accept Answer" and upvote it--

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.