Comparison with passwordlastset and whencreated

Welcome Forums General PowerShell Q&A Comparison with passwordlastset and whencreated

This topic contains 6 replies, has 3 voices, and was last updated by

js
 
Participant
3 months ago.

  • Author
    Posts
  • #145620

    Participant
    Topics: 1
    Replies: 2
    Points: -2
    Rank: Member

    Trying to pull some data from AD and filter out users who have changed their temporary password but comparison operators do not seem to be working correctly for passwordlastset and whencreated we get data that should be filtered out. If they are the same they should be filtered out and they show up in the csv exactly the same.

     

     Get-ADUser -Filter * -SearchBase "OU=Bob,OU=Dole,DC=bob,DC=dole,DC=com" -properties * |
    select Givenname,Surname,Name,SamAccountName,Enabled,passwordlastset,@{Name="LastLogonTimeStamp";Expression={([datetime]::FromFileTime($_.LastLogonTimeStamp))}},whenCreated |
    Where {$_.whenCreated -gt $datecutoff} | Where {$_.passwordlastset -notlike $_.whenCreated} |
    
    Export-Csv ('C:\Powershell-Scripts\New-Student-Logon\New-Student-Logon.csv') -NoType >> $log

     

  • #146066

    Participant
    Topics: 23
    Replies: 146
    Points: 300
    Helping Hand
    Rank: Contributor

    -notlike requires wildcards

    I believe you should be using -notequal

  • #146108
    js

    Participant
    Topics: 22
    Replies: 619
    Points: 1,285
    Helping Hand
    Rank: Community Hero

    I think you mean -ne. passwordlastset and whencreated are only equal when every datetime property in them is equal, including Kind and Ticks.

    • #146112

      Participant
      Topics: 1
      Replies: 2
      Points: -2
      Rank: Member

      I think you mean -ne. passwordlastset and whencreated are only equal when every datetime property in them is equal, including Kind and Ticks.

      This is my issue despite the fields not displaying it, milliseconds are use in the comparison but if you use .totalsecounds you can see the fields are different by micro amounts. These accounts were auto made by a third party product in bulk which seems to cause them have a delay I could not replicate making individual accounts via AD

    • #146114
      js

      Participant
      Topics: 22
      Replies: 619
      Points: 1,285
      Helping Hand
      Rank: Community Hero

      How about comparing the less precise string versions of the dates:

       | Where {$_.passwordlastset.datetime -ne $_.whenCreated.datetime}
      
    • #146163

      Participant
      Topics: 1
      Replies: 2
      Points: -2
      Rank: Member

      well I went a different route:

      but I was able to fix my code by stripping out the extra data with following logic. It also let decrease precision more in case the minute or second rolled over.

      Where-object { ( $_.passwordlastset.tostring("yyyyMMddhhmm") – $_.whencreated.tostring("yyyyMMddhhmm") ) -gt 1 }

  • #146175
    js

    Participant
    Topics: 22
    Replies: 619
    Points: 1,285
    Helping Hand
    Rank: Community Hero

    I was trying to put everything inside the filter, but I was unsuccessful. I think LastLogonDate is the datetime version of LastLogonTimeStamp.

    You may want to take the absolute value of the difference, in case it's whencreated that's a little bigger.

    Where-object { [math]::abs( $_.passwordlastset.tostring("yyyyMMddhhmm") – 
      $_.whencreated.tostring("yyyyMMddhhmm") ) -gt 1 }
    

You must be logged in to reply to this topic.