Comparison with passwordlastset and whencreated

Welcome Forums General PowerShell Q&A Comparison with passwordlastset and whencreated

Viewing 3 reply threads
  • Author
    Posts
    • #145620
      Participant
      Topics: 1
      Replies: 2
      Points: -2
      Rank: Member

      Trying to pull some data from AD and filter out users who have changed their temporary password but comparison operators do not seem to be working correctly for passwordlastset and whencreated we get data that should be filtered out. If they are the same they should be filtered out and they show up in the csv exactly the same.

       

       Get-ADUser -Filter * -SearchBase "OU=Bob,OU=Dole,DC=bob,DC=dole,DC=com" -properties * |
      select Givenname,Surname,Name,SamAccountName,Enabled,passwordlastset,@{Name="LastLogonTimeStamp";Expression={([datetime]::FromFileTime($_.LastLogonTimeStamp))}},whenCreated |
      Where {$_.whenCreated -gt $datecutoff} | Where {$_.passwordlastset -notlike $_.whenCreated} |
      
      Export-Csv ('C:\Powershell-Scripts\New-Student-Logon\New-Student-Logon.csv') -NoType >> $log

       

    • #146066
      Participant
      Topics: 23
      Replies: 160
      Points: 437
      Helping Hand
      Rank: Contributor

      -notlike requires wildcards

      I believe you should be using -notequal

    • #146108
      js
      Participant
      Topics: 27
      Replies: 716
      Points: 1,877
      Helping Hand
      Rank: Community Hero

      I think you mean -ne. passwordlastset and whencreated are only equal when every datetime property in them is equal, including Kind and Ticks.

      • #146112
        Participant
        Topics: 1
        Replies: 2
        Points: -2
        Rank: Member

        I think you mean -ne. passwordlastset and whencreated are only equal when every datetime property in them is equal, including Kind and Ticks.

        This is my issue despite the fields not displaying it, milliseconds are use in the comparison but if you use .totalsecounds you can see the fields are different by micro amounts. These accounts were auto made by a third party product in bulk which seems to cause them have a delay I could not replicate making individual accounts via AD

      • #146114
        js
        Participant
        Topics: 27
        Replies: 716
        Points: 1,877
        Helping Hand
        Rank: Community Hero

        How about comparing the less precise string versions of the dates:

         | Where {$_.passwordlastset.datetime -ne $_.whenCreated.datetime}
        
      • #146163
        Participant
        Topics: 1
        Replies: 2
        Points: -2
        Rank: Member

        well I went a different route:

        but I was able to fix my code by stripping out the extra data with following logic. It also let decrease precision more in case the minute or second rolled over.

        Where-object { ( $_.passwordlastset.tostring("yyyyMMddhhmm") – $_.whencreated.tostring("yyyyMMddhhmm") ) -gt 1 }

    • #146175
      js
      Participant
      Topics: 27
      Replies: 716
      Points: 1,877
      Helping Hand
      Rank: Community Hero

      I was trying to put everything inside the filter, but I was unsuccessful. I think LastLogonDate is the datetime version of LastLogonTimeStamp.

      You may want to take the absolute value of the difference, in case it's whencreated that's a little bigger.

      Where-object { [math]::abs( $_.passwordlastset.tostring("yyyyMMddhhmm") – 
        $_.whencreated.tostring("yyyyMMddhhmm") ) -gt 1 }
      
Viewing 3 reply threads
  • The topic ‘Comparison with passwordlastset and whencreated’ is closed to new replies.