Password Info


This topic contains 2 replies, has 2 voices, and was last updated by

 
Participant
5 years, 5 months ago.

  • Author
    Posts
  • #10951

    Participant
    Points: 0
    Rank: Member

    How can I change this script to get all domain users' password info? Here is the script I used, but it only asks for a SamAccount for one user.

    <#
    .SYNOPSIS
    Determine last time user set their password
    .DESCRIPTION
    Shows password max age, if expired, and last date pw was changed.
    .NOTES
    Author: George Jones
    .LINK
    .PARAMETER SAMAccountName
    SAMAccountName for the user in question.
    .EXAMPLE
    .\pw-last-set.ps1 -SAMAccountName some.user
    #>

    param (
        [parameter(Mandatory=$true, HelpMessage="SAMAccountName for user")]$SAMAccountName
    )

    # an empty ADSI path binds to the root of the current domain
    $root = [ADSI]""
    $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
    $searcher.filter = "(&(objectClass=user)(sAMAccountName=$SAMAccountName))"
    $user = $searcher.findall()

    # bind to the first (and only expected) match
    $User = [ADSI]$user[0].path

    # get domain password policy (max pw age)
    $D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $Domain = [ADSI]"LDAP://$D"
    $MPA = $Domain.maxPwdAge.Value

    # get Int64 (100-nanosecond intervals).
    $lngMaxPwdAge = $Domain.ConvertLargeIntegerToInt64($MPA)

    # get days
    $MaxPwdAge = -$lngMaxPwdAge/(600000000 * 1440)
    "Domain Max Password Age (days): " + '{0:n3}' -f $MaxPwdAge

    # check if password can expire or not
    $UAC = $User.userAccountControl
    $blnPwdExpires = -not (($UAC.Item(0) -band 64) -or ($UAC.Item(0) -band 65536))
    "Can Password Expire?: $blnPwdExpires"

    # when was pw last set?
    $PLS = $User.pwdLastSet.Value

    # convert to int64
    $lngValue = $User.ConvertLargeIntegerToInt64($PLS)

    # convert to ad date
    $Date = [DateTime]$lngValue
    if ($Date -eq 0) {
        $PwdLastSet = ""
    }
    else {
        $PwdLastSet = $Date.AddYears(1600).ToLocalTime()
    }
    "Password Last Set (local time): $PwdLastSet"

    # is the password expired?
    $blnExpired = $False
    $Now = Get-Date
    if ($blnPwdExpires) {
        if ($Date -eq 0) {
            $blnExpired = $True
        }
        else {
            if ($PwdLastSet.AddDays($MaxPwdAge) -le $Now) {
                $blnExpired = $True
            }
        }
    }

    "Password Expired? $blnExpired"

  • #10954

    Member
    Points: 0
    Rank: Member

    You'd need to get rid of the Param block (or at least make the $SamAccountName parameter optional, defaulting to '*'), potentially modify $searcher.Filter (if you're not going to filter on samAccountName at all), and modify the rest of the code to loop over the collection returned by $searcher.FindAll(), instead of only outputting information for a single record at index 0.

    I would also recommend constructing objects (which can then be formatted by Format-Table or Format-List), instead of outputting a bunch of strings (such as "Password Expired? $blnExpired" ). You'd need to include a property in each object indicating which user account the information refers to.

  • #10956

    Participant
    Points: 0
    Rank: Member

    I am new to PowerShell scripting like this. Could you give more details on how this script should look? Thanks

The topic ‘Password Info’ is closed to new replies.
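
One way the script could look after the changes described in reply #10954, as an added example that is not part of the original thread or the work of either poster. Assumptions: the `objectCategory=person` clause (added so that the wildcard does not match computer accounts), the `ConvertTo-LdapFilterValue` helper (hypothetical name) that keeps a supplied name from altering the LDAP filter, and the output property names.

```powershell
# Added example (not from the thread). -SAMAccountName is optional; '*' matches every user.
param ([string]$SAMAccountName = '*')

# Escape LDAP filter metacharacters (RFC 4515); '*' is left alone so wildcards still work.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

$root = [ADSI]''   # empty path binds to the current domain

# Domain policy: maxPwdAge is a negative number of 100-nanosecond intervals.
$policy = New-Object System.DirectoryServices.DirectorySearcher($root)
$policy.SearchScope = 'Base'
[void]$policy.PropertiesToLoad.Add('maxpwdage')
$maxAgeTicks = [int64]($policy.FindOne().Properties['maxpwdage'] | Select-Object -First 1)
# 0 or Int64.MinValue means the domain never expires passwords.
$maxAge = $null
if ($maxAgeTicks -ne 0 -and $maxAgeTicks -ne [int64]::MinValue) {
    $maxAge = [TimeSpan]::FromTicks(-$maxAgeTicks)
}

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$name = ConvertTo-LdapFilterValue $SAMAccountName
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
$searcher.PageSize = 1000   # paged search, so large domains are not cut off at the server limit
foreach ($p in 'samaccountname', 'useraccountcontrol', 'pwdlastset') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$now = Get-Date
$results = $searcher.FindAll()
try {
    foreach ($r in $results) {   # loop over every match instead of only index 0
        $uac = [int]($r.Properties['useraccountcontrol'] | Select-Object -First 1)
        $pls = [int64]($r.Properties['pwdlastset'] | Select-Object -First 1)
        # Same flag test as the posted script: bits 64 and 65536
        $canExpire = -not (($uac -band 64) -or ($uac -band 65536))
        $lastSet = if ($pls -gt 0) { [DateTime]::FromFileTime($pls) } else { $null }
        $expired = $canExpire -and (($pls -eq 0) -or
            (($null -ne $maxAge) -and (($lastSet + $maxAge) -le $now)))
        [pscustomobject]@{
            SamAccountName  = [string]($r.Properties['samaccountname'] | Select-Object -First 1)
            CanExpire       = $canExpire
            PasswordLastSet = $lastSet   # local time; $null when pwdLastSet is 0
            MaxAgeDays      = if ($null -ne $maxAge) { $maxAge.TotalDays } else { $null }
            Expired         = [bool]$expired
        }
    }
} finally { $results.Dispose() }   # FindAll() holds unmanaged resources
```

Because the script emits objects, its output can be piped to `Format-Table`, `Where-Object Expired` or `Export-Csv`.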
