Help

This topic contains 4 replies, has 2 voices, and was last updated by  Jeremy Murrah 2 weeks, 5 days ago.

  • Author
    Posts
  • #83285

    Aaron Childers
    Participant

    I have the current power shell that works to add users to groups based on the condition that they are in a city and department. What I'd like to do is expand on that to filter down to only users who's accounts are older than 90 days. Can anyone help?

    get-aduser -filter{city -eq "City" -And department -eq "Whatever" -Or department -eq "Whatever2" } -SearchBase "MY OU INFO" | %{Add-ADGroupMember "Always" $_.SamAccountName}

  • #83297

    Jeremy Murrah
    Participant

    First off, what exactly do you mean by "older than 90 days"? That could be creation date, last logon date, last password change, etc. So for argument's sake lets go with creation date. Since that property is a datetimeobject, we can subtract it from the current date to get the age:

    $age = ($(get-date) - $user.whencreated).days
    

    probably the easiest way to do that is with the where-object cmdlet. Before you pipe the get-aduser output over to the add-adgroupmember cmdlet, instead pipe it over to where-object first like so:

    get-aduser -properties whencreated -filter{city -eq "City" -And department -eq "Whatever" -Or department -eq "Whatever2" } -SearchBase "MY OU INFO" | where-object{($(get-date) - $_.whencreated).days -ge 90} | %{Add-ADGroupMember "Always" $_.SamAccountName}
    
    • #83348

      Aaron Childers
      Participant

      Are you sure get-date can subtract from when created. They are in a different date format.

      Example:
      whencreated : 10/27/2017 4:06:14 PM

      PS C:\Windows\system32> Get-Date

      Wednesday, November 1, 2017 7:42:38 AM

    • #83350

      Aaron Childers
      Participant

      I think I could use get-date -format d to get them to match up. But I am still not sure where I would insert the 90 days into all of it.

  • #83363

    Jeremy Murrah
    Participant

    Yep, that's one of the great things about powershell. While both of those values look different they're both objects of the type DateTime. So behind the scenes they are structured the same, and powershell knows exactly what to do when you do things like subtraction and addition. Do this real quick to create a couple of test variables.

    $CreationDate = get-aduser testuser -properties whencreated | select -expandproperty whencreated
    $CurrentDate = get-date
    

    Now you'll probably see that they look similar. But more importantly if you run these commands you'll see they both contain all the same properties.

    $creationdate | format-list *
    $CurrentDate | format-list *
    

    All the formatting stuff is really just for your eyeballs. Powershell still maintains the complete unformatted object for other operations. Now as for getting the days, what we're doing when we subtract one date from the other is having powershell create a new object of type TimeSpan. To addon to the above example, run this:

    $timespan = $currentdate - $creationdate
    $timespan | format-list *
    

    So there you can see all the properties of the timespan object. One of those properties is days, which we can reference like any object property

    $timespan.days
    

    And that value is just an integer count of the number of days between the two date objects in the beginning example, so you can do your standard math operators on that.

You must be logged in to reply to this topic.