Passwordlastset compared to creation date of password

Welcome Forums General PowerShell Q&A Passwordlastset compared to creation date of password

This topic contains 1 reply, has 1 voice, and was last updated by

 
Participant
5 years, 1 month ago.

  • Author
    Posts
  • #10830

    Participant
    Points: 0
    Rank: Member

    Hello

    Is there a script out there that will display user accounts password last set time and date that will compare when the password was first created. It can display Manager name, Email address of user account, Ext Abb. #14, Email Address of manager, display name, etc? The goal is to compare to see if pwdlastset is one hour less than creation dates of user account passwords. Output, deliver file. I hope I explain this clearly.

    Thank you

  • #10833

    Participant
    Points: 0
    Rank: Member

    I have this script but can't seem to get it to work.

    Function Get-XADUserPasswordExpirationDate() {

    Param (
    [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage="Identity of the Account")]
    [Object] $accountObj
    )

    PROCESS {
    If ($accountObj.PasswordExpired)
    { Return "Expired"
    }
    Else
    { If ($accountObj.PasswordNeverExpires)
    { Return "Password set to never expire"
    }
    Else
    { $passwordSetDate = $accountObj.PasswordLastSet
    If ($passwordSetDate -eq $null)
    { Return "Password has never been set"
    }
    Else
    { $maxPasswordAgeTimeSpan = $null
    $dfl = (get-addomain).DomainMode
    If ($dfl -ge 3)
    { ## Greater than Windows2008 domain functional level
    $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj
    If ($accountFGPP -ne $null)
    { $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
    }
    Else
    { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }
    }
    Else
    { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }
    If ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0)
    { Return "MaxPasswordAge is not set for the domain or is set to zero!"
    }
    Else
    { Return ($passwordSetDate + $maxPasswordAgeTimeSpan)
    }
    }
    }
    }
    }
    }

    cls
    $Result = @()
    $Users = Get-ADUser -Filter * -Properties GivenName,sn,PasswordExpired,PasswordLastSet,PasswordneverExpires
    ForEach ($User in $Users)
    { $Result += New-Object PSObject -Property @{
    'Last Name' = $User.sn
    'First Name' = $User.GivenName
    UserName = $User.SamAccountName
    Expiration = $($User | Get-XADUserPasswordExpirationDate)
    }
    }
    $Result = $Result | Select 'Last Name','First Name',UserName,Expiration | Sort 'Last Name'

    #Produce a CSV
    $Result | Export-Csv "c:\temp\passwordexpirationdate.csv"

    #Send HTML Email
    $Header = @"

    "@
    $splat = @{
    From = ""
    To = ""
    SMTPServer = ""
    Subject = "Password Expiration Report"
    }
    $Body = $Result | ConvertTo-Html -Head $Header | Out-String
    Send-MailMessage @splat -Body $Body -BodyAsHTML -Attachments $Path\ExpirationReport.csv

The topic ‘Passwordlastset compared to creation date of password’ is closed to new replies.