
October 17, 2013 at 10:36 am

Hello

Is there a script out there that will display each user account's password-last-set time and date and compare it with when the password was first created? It could also display the manager's name, the email address of the user account, Ext Abb. #14, the email address of the manager, the display name, etc. The goal is to see whether pwdLastSet is one hour less than the creation dates of the user account passwords. Output: deliver a file. I hope I have explained this clearly.

Thank you

October 17, 2013 at 10:42 am

I have this script but can't seem to get it to work.

Function Get-XADUserPasswordExpirationDate {
    <#
    .SYNOPSIS
        Reports when an account's password expires, or why no date applies.
    .DESCRIPTION
        Reads PasswordExpired, PasswordNeverExpires and PasswordLastSet from the
        supplied account object. When none of the early exits apply, the maximum
        password age is taken from the account's resultant (fine-grained) password
        policy if one is returned, otherwise from the default domain password
        policy, and is added to PasswordLastSet.
    .PARAMETER accountObj
        The account to evaluate; accepted positionally or from the pipeline. The
        three properties above must already be loaded on the object.
    .OUTPUTS
        A status string ("Expired", "Password set to never expire",
        "Password has never been set", or the MaxPasswordAge message), or the
        value of PasswordLastSet + MaxPasswordAge.
    #>
    Param (
        [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage="Identity of the Account")]
        [Object] $accountObj
    )

    PROCESS {
        # Early exits: states for which no expiry date is calculated.
        If ($accountObj.PasswordExpired) {
            Return "Expired"
        }
        If ($accountObj.PasswordNeverExpires) {
            Return "Password set to never expire"
        }

        $lastSet = $accountObj.PasswordLastSet
        If ($lastSet -eq $null) {
            Return "Password has never been set"
        }

        # The resultant policy is queried only when DomainMode compares >= 3
        # (the original note reads "greater than Windows2008 domain functional
        # level"; the test itself also accepts the value 3).
        $resultantPolicy = $null
        $domainMode = (Get-ADDomain).DomainMode
        If ($domainMode -ge 3) {
            $resultantPolicy = Get-ADUserResultantPasswordPolicy $accountObj
        }

        # No policy object for this account: use the domain-wide default.
        If ($resultantPolicy -ne $null) {
            $maxAge = $resultantPolicy.MaxPasswordAge
        }
        Else {
            $maxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
        }

        # A missing or zero maximum age yields no meaningful expiry date.
        If ($maxAge -eq $null -or $maxAge.TotalMilliseconds -eq 0) {
            Return "MaxPasswordAge is not set for the domain or is set to zero!"
        }

        Return ($lastSet + $maxAge)
    }
}

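Clear-Host

# One path shared by the export and the mail attachment. The original attached
# "$Path\ExpirationReport.csv": $Path is not assigned anywhere in the visible
# script and the file name differs from the one exported, so the attachment
# would not be found.
# The report names every account together with its password state (expired,
# never expires, never set), so keep it somewhere only the intended readers
# can access. NOTE(review): confirm who can read c:\temp on this host.
$CsvPath = "c:\temp\passwordexpirationdate.csv"

# -Filter * returns every user object in the domain; the three Password*
# properties are requested explicitly because the expiry function reads them.
$Users = Get-ADUser -Filter * -Properties GivenName,sn,PasswordExpired,PasswordLastSet,PasswordNeverExpires

# Collect the loop output directly instead of growing an array with +=,
# which copies the whole array on every iteration.
$Result = @(
    ForEach ($User in $Users) {
        New-Object PSObject -Property @{
            'Last Name'  = $User.sn
            'First Name' = $User.GivenName
            UserName     = $User.SamAccountName
            # Either a status string or the calculated expiry date.
            Expiration   = $($User | Get-XADUserPasswordExpirationDate)
        }
    }
) | Select-Object 'Last Name','First Name',UserName,Expiration | Sort-Object 'Last Name'

#Produce a CSV
# -NoTypeInformation keeps the "#TYPE" line out of the delivered file.
$Result | Export-Csv -Path $CsvPath -NoTypeInformation

#Send HTML Email
# The head markup is empty as posted (possibly stripped when the script was
# pasted); put any <style> block for the HTML table here.
$Header = @"

"@
# From, To and SMTPServer are blank as posted and must be filled in before
# Send-MailMessage will accept them.
$splat = @{
    From = ""
    To = ""
    SMTPServer = ""
    Subject = "Password Expiration Report"
}
$Body = $Result | ConvertTo-Html -Head $Header | Out-String
# The body and attachment carry the full account list. Microsoft documents
# Send-MailMessage as obsolete because it cannot guarantee a secure connection;
# at minimum add -UseSsl if the relay supports it.
Send-MailMessage @splat -Body $Body -BodyAsHtml -Attachments $CsvPath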