Getting badpasswordtime attribute

Welcome Forums General PowerShell Q&A Getting badpasswordtime attribute

This topic contains 2 replies, has 2 voices, and was last updated by

1 year, 7 months ago.

  • Author
  • #74716

    Points: 0
    Rank: Member

    Hello there
    I'm trying to get users who have badpasswordtime updated within past 10 days.
    I have the following:

    $date = ((Get-Date).AddDays(-10)).ToString('g')
    Get-ADUser -Filter "(badpasswordtime -gt '$date')" -SearchBase "OU=Corporate,OU=SomeUserOU,DC=domain,DC=local" -Property badpasswordtime -server someGC

    For some strange reason it doesn't work... now, if I replace badpasswordtime with pwdlastset it works fine, any ideas?
    Thank you

  • #74719

    Points: 41
    Rank: Member

    Are you sure it worked for pwdLastSet rather than PasswordLastSet?

    pwdLastSet and badPasswordTime are stored as Int64 objects. PasswordLastSet and LastBadPasswordAttempt are stored as DateTime objects.

    For your comparison, where $date represents a DateTime object, you should do your comparison against LastBadPasswordAttempt.

    Alternatively, if you have to compare against badPasswordTime, use the ToFileTime() method to convert your date to the correct format:

    $date = ((Get-Date).AddDays(-10)).ToFileTime()
    • #74745

      Points: 0
      Rank: Member

      ugh, got those two attributes confused, it worked with passwordlastset, but not with pwdlastset. Converting it to Int64 worked, thank you very much!

The topic ‘Getting badpasswordtime attribute’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort