
August 13, 2015 at 6:23 am

We are utilizing some extended attributes on computer objects to monitor/report on membership of a security group to exclude them from a security policy. I am trying to write a report up to send a weekly email highlighting which ones will be expiring soon, but I can't even get off the ground here. 🙁

The date/time is not reporting correctly at all when I Write-Host within the if's comparison operator, so either my logic is incorrect, or I'm simply going about this the wrong way.

08/14/2015 08:06:09 is less than 08/20/2015 09:16:05
COMP1 Expiring Soon!
02/07/2016 21:17:49 is less than 08/20/2015 09:16:05
COMP2 Expiring Soon!
09/11/2015 08:22:16 is greater than 08/20/2015 09:16:05
COMP3 not expiring soon
09/10/2015 14:53:52 is greater than 08/20/2015 09:16:05
COMP4 not expiring soon
02/07/2016 20:38:41 is less than 08/20/2015 09:16:05
COMP5 Expiring Soon!
08/18/2015 14:53:07 is less than 08/20/2015 09:16:05
COMP6 Expiring Soon!

Import-Module ActiveDirectory
$expiresSoon = (Get-Date).AddDays(7)
$computers = Get-ADGroupMember "TestGroup" | select -expandproperty name
foreach ($computer in $computers)
{
	$computerInfo = Get-ADComputer $computer -properties type, info, comment, wbempath, title, name, samaccountname
	$computerComment = $computerInfo | select -ExpandProperty comment
	if ($computerInfo.comment -lt $expiresSoon)
	{
		Write-Host "$computercomment is less than $expiresSoon"
		Write-Host "$computer Expiring Soon!" -foregroundcolor yellow
	}
	else
	{
		Write-Host "$computercomment is greater than $expiresSoon"
		Write-Host "$computer not expiring soon" -ForegroundColor Green	
	}
}

The Set-ADComputer comment attribute I'm specifically referencing here is part of another script. That command is:

$expirationDate = $date.AddDays($exclusionDuration) #exclusionDuration is an integer
Set-ADComputer $computerName -Add @{ Comment = "$expirationDate"}

August 13, 2015 at 6:34 am

I'm assuming $computerInfo.comment has the date, but it's very likely coming in as a string. Have you tried...

[datetime]$x = $computerInfo.comment

To try and force it into an actual date type?

I'd also suggest modifying your Set-ADComputer to something like...

Set-ADComputer $computerName -Add @{ Comment = "$($expirationDate.ToLongDateString())"}

Point being, you want to make sure you're storing the date in a format that [datetime] can later recognize and turn back into an actual date/time type.

August 13, 2015 at 6:43 am

I think you should check the type of 'comment'. I suppose this is now a string, and the two dates are compared alphabetically: "02/..." is less than "08/...". You probably have to convert 'comment' to a date before comparing.
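
The string-versus-date comparison described in the two answers above, as an added example that is not part of the original thread: it uses constructed values modeled on the output in the question and makes no Active Directory calls. The helper name Test-ExpiringSoon, the COMP7 and COMP8 entries, and the choice of the round-trip ("o") format are assumptions for illustration.

```powershell
# Added example: constructed values only, no Active Directory calls.
$invariant = [System.Globalization.CultureInfo]::InvariantCulture
$legacy    = 'MM/dd/yyyy HH:mm:ss'   # layout seen in the question's output
$cutoff    = [datetime]::ParseExact('08/20/2015 09:16:05', $legacy, $invariant)

# Strings as they would come back from the 'comment' attribute (constructed).
$stored = [ordered]@{
    COMP1 = '08/14/2015 08:06:09'
    COMP2 = '02/07/2016 21:17:49'
    COMP3 = '09/11/2015 08:22:16'
    COMP7 = 'no expiry set'            # hypothetical unparseable value
}
# A value written in the round-trip format instead of the default string form.
$stored['COMP8'] = $cutoff.AddDays(30).ToString('o', $invariant)

function Test-ExpiringSoon {
    # Hypothetical helper: $true/$false for a parseable date, $null otherwise.
    param([string]$Value, [datetime]$Cutoff)
    $formats = [string[]]@('o', 'MM/dd/yyyy HH:mm:ss')
    $styles  = [System.Globalization.DateTimeStyles]::RoundtripKind
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $parsed  = [datetime]::MinValue
    if ([datetime]::TryParseExact($Value, $formats, $culture, $styles, [ref]$parsed)) {
        return ($parsed -lt $Cutoff)
    }
    return $null
}

$report = foreach ($name in $stored.Keys) {
    $raw = $stored[$name]
    [pscustomobject]@{
        Computer      = $name
        Stored        = $raw
        # Left operand is a string, so -lt converts $cutoff to text and compares text.
        StringCompare = ($raw -lt $cutoff)
        # Both operands are [datetime], so -lt compares points in time.
        DateCompare   = (Test-ExpiringSoon -Value $raw -Cutoff $cutoff)
    }
}
$report | Format-Table -AutoSize
```

Rows where DateCompare is empty hold values that failed to parse; for a security-policy exclusion these are worth flagging for review rather than silently counting as expired or not expired.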

August 13, 2015 at 6:44 am

Holy smokes, I never thought about the need to cast that variable as a datetime object.

I just implemented that and it worked beautifully on the 70+ objects in that group.

I don't know why I chose to not explicitly set that in the first Set-ADComputer script. The hash table "report" I'm Write-Outputting so our CS team can confirm it worked correctly shouldn't have a problem with that, but I'll definitely test that and put it in v2 of that script.

Thanks again, Don!