Passwordlastset compared to creation date of password

This topic contains 1 reply, has 1 voice, and was last updated by  Markus Jones 3 years, 10 months ago.

  • Author
    Posts
  • #10830

    Markus Jones
    Participant

    Hello

    Is there a script out there that will display user accounts password last set time and date that will compare when the password was first created. It can display Manager name, Email address of user account, Ext Abb. #14, Email Address of manager, display name, etc? The goal is to compare to see if pwdlastset is one hour less than creation dates of user account passwords. Output, deliver file. I hope I explain this clearly.

    Thank you

  • #10833

    Markus Jones
    Participant

    I have this script but can't seem to get it to work.

    Function Get-XADUserPasswordExpirationDate() {

    Param (
    [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage="Identity of the Account")]
    [Object] $accountObj
    )

    PROCESS {
    If ($accountObj.PasswordExpired)
    { Return "Expired"
    }
    Else
    { If ($accountObj.PasswordNeverExpires)
    { Return "Password set to never expire"
    }
    Else
    { $passwordSetDate = $accountObj.PasswordLastSet
    If ($passwordSetDate -eq $null)
    { Return "Password has never been set"
    }
    Else
    { $maxPasswordAgeTimeSpan = $null
    $dfl = (get-addomain).DomainMode
    If ($dfl -ge 3)
    { ## Greater than Windows2008 domain functional level
    $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj
    If ($accountFGPP -ne $null)
    { $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
    }
    Else
    { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }
    }
    Else
    { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }
    If ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0)
    { Return "MaxPasswordAge is not set for the domain or is set to zero!"
    }
    Else
    { Return ($passwordSetDate + $maxPasswordAgeTimeSpan)
    }
    }
    }
    }
    }
    }

    cls
    $Result = @()
    $Users = Get-ADUser -Filter * -Properties GivenName,sn,PasswordExpired,PasswordLastSet,PasswordneverExpires
    ForEach ($User in $Users)
    { $Result += New-Object PSObject -Property @{
    'Last Name' = $User.sn
    'First Name' = $User.GivenName
    UserName = $User.SamAccountName
    Expiration = $($User | Get-XADUserPasswordExpirationDate)
    }
    }
    $Result = $Result | Select 'Last Name','First Name',UserName,Expiration | Sort 'Last Name'

    #Produce a CSV
    $Result | Export-Csv "c:\temp\passwordexpirationdate.csv"

    #Send HTML Email
    $Header = @"

    "@
    $splat = @{
    From = ""
    To = ""
    SMTPServer = ""
    Subject = "Password Expiration Report"
    }
    $Body = $Result | ConvertTo-Html -Head $Header | Out-String
    Send-MailMessage @splat -Body $Body -BodyAsHTML -Attachments $Path\ExpirationReport.csv

You must be logged in to reply to this topic.