Isolating results by date range is eluding me...

This topic contains 5 replies, has 2 voices, and was last updated by  Curtis Smith 1 year, 10 months ago.

  • Author
    Posts
  • #31731

    Rob Katz
    Participant

    I'm searching for users who have passwords expiring in the next seven days. everything works but the 'where'. I'm specifying a low and high range for the dates, but I'm getting everything instead of just the seven days I want... what am I missing

    #get max password age policy
    $maxPwdAge=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

    #Today's Date
    $maxPwdDate=(get-date).AddDays(-$maxPwdAge).ToShortDateString()

    #expiring in 7 days
    $7days=(get-date).AddDays(7-$maxPwdAge).ToShortDateString()

    Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False -and PasswordLastSet -gt 0} -Properties "SamAccountName", "displayname","msds-userpasswordexpirytimecomputed","PasswordLastSet" | where {{($_.PasswordLastSet).ToShortDateString() -lt $7days} -AND {($_.PasswordLastSet).ToShortDateString() -gt $maxPwdDate}} | select-object -property "SamAccountName", "displayname", "PasswordLastSet", @{name="expirydate";Expression={[datetime]::fromfiletime($_."msds-userpasswordexpirytimecomputed")}} | sort-object expirydate | export-csv "passwordexpiration.csv"

  • #31733

    Curtis Smith
    Participant

    Here you go Rob, give this a shot. Should be pretty straight forward as to what is going on here. Let me know if anything needs explaining.

    $maxPwdAge=(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
    $AlertEndDate = (Get-Date).AddDays(-$maxPwdAge + 8)
    $AlertBeginDate = $AlertEndDate.AddDays(-1)
    Get-ADUser -Filter {
                        Enabled -eq $true -And
                        PasswordNeverExpires -eq $False -And
                        PasswordLastSet -ge $AlertBeginDate -And
                        PasswordLastSet -lt $AlertEndDate
                       } -Properties "SamAccountName", "displayname","PasswordLastSet" |
    Select-Object "SamAccountName", "displayname", "PasswordLastSet", @{Label = 'PasswordExpires'; Expression = {($_.PasswordLastSet).AddDays($maxPwdAge)}}, @{Label = 'ExpiresInTimespan'; Expression = {New-TimeSpan -Start (Get-Date) -End (($_.PasswordLastSet).AddDays($maxPwdAge))}} |
    Sort-Object ExpiresInTimespan
    
  • #31747

    Rob Katz
    Participant

    Thanks!

    I mixed your code and my code together and got what i wanted. I had explored trying to isolate the dates in the -filter, but wasn't getting any traction there. i will use your formatting as a model, though...

    Now on to the next challenge of isolating the e-mail addresses from the users found (I added in "EmailAddress" to the Select-Object section) and looping them through a command to generate an e-mail to those users...

    Rob

  • #31749

    Curtis Smith
    Participant

    I'm not quite following, can you give an example of your challenge? Would probably be a good idea to start a new thread so people searching on this new challenge are not confused by the inital topic of this thread.

  • #31750

    Rob Katz
    Participant

    that was just commentary on what I was doing next. I try to only ask for help once i've exhausted my own attempts at problem solving...

    Thanks!
    Rob

  • #31751

    Curtis Smith
    Participant

    Ah, good deal. Enjoy!

You must be logged in to reply to this topic.