Author Posts

November 30, 2017 at 10:53 am

Please help me out.. I would like to get Accounts alredy expired and accounts that will expires in 100 days. It is getting the the table below, but no information. if I remove "-and (Search-ADAccount -AccountExpired -UsersOnly | Where-Object {$_.Enabled})" will show me account will exprire in 100, but does not show accounts already expired.

SamAccountName Mail Department Company Title Enabled Created AccountExpirationDate Description CanonicalName
————– —- ———- ——- —– ——- ——- ——————— ———– ————-

_________________________________________________________________________________
cls
Import-Module ActiveDirectory
$OU="OU=OtherUsers,OU=adm,DC=adm,DC=com"
$report = $null
$table = $null
$date = Get-Date -uformat "%d/%B/%Y" # Date format
$startDate = Get-Date
$endDate = $startDate.AddDays(100)
$total = (Get-ADUser -filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate} -SearchBase $OU).count # Total accounts on OU
$domain = (Get-ADDomain).Forest # Domain name

#–USER LIST————————————————#

$prop = @('SamAccountName','Mail','Department','Company','Title','Enabled','Created','AccountExpirationDate','Description','CanonicalName','Manager')

$users = @(Get-ADUser -filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate} -SearchBase $OU -Properties $prop)-and (Search-ADAccount -AccountExpired -UsersOnly | Where-Object {$_.Enabled})

$result = @($users | Select-Object SamAccountName, Mail, Department, Company, Title, Enabled, Created, AccountExpirationDate, Description, CanonicalName, @{Name='Manager';Expression={(Get-ADUser $_.Manager).sAMAccountName}})

# Sort by user account A-Z
$result = $result | Sort "SamAccountName"

# This line will not show script running.
$result | ft -auto

November 30, 2017 at 1:15 pm

When I run the command in my environment and evaluate what's in users I get "True". I think this has something to do with the -and between getting the accounts that are going to expire and the expired accounts.

Try this instead:

$users = Get-ADUser -filter {AccountExpirationDate -gt $startDate -and AccountExpirationDate -lt $endDate -or AccountExpirationDate -lt $startdate} -SearchBase $OU

November 30, 2017 at 9:24 pm

-and means if both are true return X.
What I think you want is if either is true the return X.
So, consider changing -and to -or

December 1, 2017 at 2:06 pm

Ohhhh. Thanks I did not see that... works here.