powershell password expiry help

This topic contains 3 replies, has 3 voices, and was last updated by  edwin arlington 6 months, 3 weeks ago.

  • Author
  • #78707



    I am very new to powershell. I am trying to write scripts in order to practice and get better. Unfortunately I am terrible at this currently.

    I am trying to write a script to output to the window if an AD user password was set more than or less than 100 days ago.

    Currently I have the below, I am not sure whether I am completely wrong or close, any help is much appreciated and if someone could explain where I have gone wrong this would also be appreciated.

    import-module activedirectory

    $user = Get-ADUser -Identity "remotelabs" -Properties *

    $PWLS = $user.PasswordLastSet

    $date = get-date

    if ($PWLS -gt $date.Day.100)
    {Write-host "this needs changing"}
    Elseif ($PWLS -lt $date.Day.100)
    {Write-Host "This doesn't need changing"}

    thank you in advance,

  • #78713

    Matt Bloomfield

    You're nearly there.

    To get the date you want to compare against, i.e. the date 100 days ago, you need to use the AddDate method.


    You've got your logic the wrong way round as well. Yesterday's date is less than today's date. So it should be

    if ($PWLS -lt $date.AddDays(-100))
    {Write-host "this needs changing"}
     Elseif ($PWLS -gt $date.AddDays(-100))
     {Write-Host "This doesn't need changing"}

    If you want to accelerate your learning, I really recommend starting with PowerShell in a Month of Lunches.

    • #78715



      Thank you very much for replying and I'm glad I was nearly there.

      I understand that you need .adddays as the property now.

      I thought -lt -100 would be less than 100 days old (in the above code). But I guess I should read this as less than -100 so anything 100+(101,102) etc.

      Thanks again,

  • #78743

    edwin arlington

You must be logged in to reply to this topic.