Find Expiring Users Passwords Active Directory Powershell

function Get-XADUserPasswordExpirationDate() {
<#
.SYNOPSIS
Reports when an Active Directory account's password expires.

.DESCRIPTION
Looks the account up with Get-ADUser and writes one "Name;status" line to
the output stream. The status is "already expired", "never expires",
"never been set", or PasswordLastSet plus the effective MaxPasswordAge.
The effective MaxPasswordAge comes from the user's resultant fine-grained
password policy when the domain mode is 3 or higher and such a policy
exists, otherwise from the default domain password policy.

.PARAMETER accountIdentity
Identity of the account. It is passed positionally to Get-ADUser and may
arrive from the pipeline.
#>

Param ([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage="Identity of the Account")] [Object] $accountIdentity)

PROCESS {
    $adAccount = Get-ADUser $accountIdentity -Properties PasswordExpired, PasswordNeverExpires, PasswordLastSet

    # NOTE(review): if the lookup yields nothing, every property below reads
    # as $null and the account is reported as ";never been set" with an empty
    # name. Confirm whether callers should treat that line as a lookup failure.

    if ($adAccount.PasswordExpired) {
        Write-Output ($adAccount.Name + ";already expired")
        return
    }

    if ($adAccount.PasswordNeverExpires) {
        Write-Output ($adAccount.Name + ";never expires")
        return
    }

    $lastSet = $adAccount.PasswordLastSet
    if ($lastSet -eq $null) {
        Write-Output ($adAccount.Name + ";never been set")
        return
    }

    # Fine-grained password policies are only consulted when the domain mode
    # compares >= 3 (the original author's note ties 3 to the Windows 2008
    # domain functional level).
    $resultantPolicy = $null
    if ((Get-ADDomain).DomainMode -ge 3) {
        $resultantPolicy = Get-ADUserResultantPasswordPolicy $adAccount
    }

    # A resultant policy, when present, wins even if its MaxPasswordAge is
    # empty; the domain default is used only when no such policy applies.
    if ($resultantPolicy -ne $null) {
        $effectiveMaxAge = $resultantPolicy.MaxPasswordAge
    } else {
        $effectiveMaxAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }

    # A missing or zero max age means there is no expiry date to compute.
    if ($effectiveMaxAge -eq $null -or $effectiveMaxAge.TotalMilliseconds -eq 0) {
        Write-Output ("MaxPasswordAge is not set for the domain or is set to zero!")
        return
    }

    Write-Output ($adAccount.Name + ";" + ($lastSet + $effectiveMaxAge))
}
}

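# Collect the enabled accounts under the target OU. The Enabled test is done
# by the directory server through -Filter instead of fetching every attribute
# of every account (-Properties *) and discarding disabled ones client-side;
# Get-XADUserPasswordExpirationDate re-reads the attributes it needs itself.
$users = Get-ADUser -SearchBase "OU=TestOU,DC=domain,DC=com" -Filter 'Enabled -eq $true'

# Report the password expiration of each account found. The original loop
# passed the literal account name "testuser" on every iteration (a leftover
# from testing), so the report repeated one account instead of covering $users.
foreach ($user in $users)
{
    # To keep the result, append "| Out-File <report-path.csv> -Append"
    # (placeholder path). The report lists accounts with expired or
    # never-expiring passwords, so write it where only administrators can read it.
    Get-XADUserPasswordExpirationDate $user
}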
