Setting a default value in Select-Object

Welcome Forums General PowerShell Q&A Setting a default value in Select-Object

Viewing 6 reply threads
  • Author
    Posts
    • #230725
      Participant
      Topics: 2
      Replies: 3
      Points: 30
      Rank: Member

      Hello,

      I’m trying to report on Active Directory user account values. In the code below, AccountEpires returns “12/31/1600 4:00:00 PM” when it has not been set on.

      I tried inserting an If statement in the Expression, but not sure how to code this.

      How can I change this value to “Never” or something else that makes more sense?

      Here is what I have so far:

      $users = @('user1', 'user2', 'user3')
      
      $users | Get-ADUser -Server $srver -Credential $creds -ErrorAction SilentlyContinue –Properties `
                  "DisplayName", `
                  "msDS-UserPasswordExpiryTimeComputed", `
                  "AccountExpires", `
                  "PasswordNeverExpires", `
                  "LockedOut" |
               Select-Object -Property `
                  @{Name="Name";                    Expression={$_.DisplayName}},
                  @{Name="Password Expiration Date";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},
                  @{Name="Account Expiration Date"; Expression={[datetime]::FromFileTime($_.AccountExpires)}},
                  @{Name="Password Never Expires";  Expression={$_.PasswordNeverExpires}},
                  @{Name="Enabled";                 Expression={$_.Enabled}},
                  @{Name="Locked";                  Expression={$_.LockedOut}} | FT #Export-Csv $file -Notypeinfo`
      
      
      Name            Password Expiration Date Account Expiration Date Password Never Expires Enabled Locked
      ----            ------------------------ ----------------------- ---------------------- ------- ------
      User1                                    12/31/1600 4:00:00 PM                     True    True  False
      User2           6/7/2020 9:39:17 AM      12/31/1600 4:00:00 PM                    False    True  False
      User3           8/18/2020 12:54:04 PM    12/31/1600 4:00:00 PM                    False    True  False`
      • This topic was modified 1 month, 3 weeks ago by obijuan.
    • #230752
      Participant
      Topics: 12
      Replies: 525
      Points: 1,233
      Helping Hand
      Rank: Community Hero
      $users = @('user1', 'user2', 'user3')
      
      $users | Get-ADUser -Server $srver -Credential $creds -ErrorAction SilentlyContinue –Properties `
                  "DisplayName", `
                  "msDS-UserPasswordExpiryTimeComputed", `
                  "AccountExpires", `
                  "PasswordNeverExpires", `
                  "LockedOut" |
               Select-Object -Property `
                  @{Name="Name";                    Expression={$_.DisplayName}},
                  @{Name="Password Expiration Date";Expression={
                          $Date = [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")
                          if ($Date.Year -eq 1600) { 'Never' } else { $Date }
                      }
                  },
                  @{Name="Account Expiration Date"; Expression={[datetime]::FromFileTime($_.AccountExpires)}},
                  @{Name="Password Never Expires";  Expression={$_.PasswordNeverExpires}},
                  @{Name="Enabled";                 Expression={$_.Enabled}},
                  @{Name="Locked";                  Expression={$_.LockedOut}} | FT #Export-Csv $file -Notypeinfo`
      
    • #230773
      Participant
      Topics: 2
      Replies: 3
      Points: 30
      Rank: Member

      Hi Sam,

      Really appreciate your quick reply. I’ll give that a try.

      However, I think you targeted the “Password Expiration Date” field. The one that comes out with a year of 1600 is the line below. This is the AD field “AccountExpires” which I’ve labeled “Account Expiration Date”.

      Thanks again.

    • #230788
      Participant
      Topics: 2
      Replies: 3
      Points: 30
      Rank: Member

      Sam,

      I got it to work with your help. Much appreciated.

      One other question; if you look at the output, some accounts (i.e. user1) are set to never expire. These accounts return nothing in the Password Expiration Date field. I’ve tried checking for $null and ” but still cannot get it to display ‘Never”.

      Thanks.

    • #230812
      Participant
      Topics: 12
      Replies: 525
      Points: 1,233
      Helping Hand
      Rank: Community Hero
      $users = @('user1', 'user2', 'user3')
      
      $users | Get-ADUser -Server $srver -Credential $creds -ErrorAction SilentlyContinue –Properties `
                  "DisplayName", `
                  "msDS-UserPasswordExpiryTimeComputed", `
                  "AccountExpires", `
                  "PasswordNeverExpires", `
                  "LockedOut" |
               Select-Object -Property `
                  @{Name="Name";                    Expression={$_.DisplayName}},
                  @{Name="Password Expiration Date";Expression={
                          if ($_."msDS-UserPasswordExpiryTimeComputed") { $_."msDS-UserPasswordExpiryTimeComputed" } else { 'Never' }
                      }
                  },
                  @{Name="Account Expiration Date"; Expression={
                          $Date = [datetime]::FromFileTime($_."AccountExpires")
                          if ($Date.Year -eq 1600) { 'Never' } else { $Date }
                      }
                  },
                  @{Name="Password Never Expires";  Expression={$_.PasswordNeverExpires}},
                  @{Name="Enabled";                 Expression={$_.Enabled}},
                  @{Name="Locked";                  Expression={$_.LockedOut}} | FT #Export-Csv $file -Notypeinfo
      
    • #230818
      Participant
      Topics: 2
      Replies: 3
      Points: 30
      Rank: Member

      Strange, seems the msDS-UserPasswordExpiryTimeComputed cannot be checked for a value. Seems when the password never expires attribute is set to “True”, the msDS-UserPasswordExpiryTimeComputed does not exist and the Else condition is not triggered.

      Here is actual output

      User Name       Password Expiration Date Account Expiration Date Password Never Expires Account is Enabled Account is Locked
      ---------       ------------------------ ----------------------- ---------------------- ------------------ -----------------
      Carson Goldberg                          Never                   True                    True              False
      Kevin Gurney    6/7/2020 9:39:17 AM      Never                   False                   True              False
      Don Bates       8/18/2020 12:54:04 PM    Never                   False                   True              False
      Gregg Hess      8/16/2020 9:42:00 AM     Never                   False                   True              False
      Josh Carey                               Never                   True                    True              False
      Chris Murray    6/30/2020 4:13:38 PM     Never                   False                   True              False
      • This reply was modified 1 month, 2 weeks ago by obijuan.
    • #230998
      Participant
      Topics: 1
      Replies: 114
      Points: 123
      Rank: Participant

      This seems to be more of an AD question than PS. But you’re on the right track, just need to dive more into AD objects/properties/attributes and also some of the eccentricities with the AD PS module and filtering/LDAP properties.

      Also take a look at Search-ADAccount which has a handful of very useful parameters to perform some very common AD queries. Like Search-ADAccount -LockedOut returns any AD accounts that are currently locked out.

Viewing 6 reply threads
  • You must be logged in to reply to this topic.