function Get-XADUserPasswordExpirationDate() { Param ([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true, HelpMessage=”Identity of the Account”)] [Object] $accountIdentity) PROCESS { $accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet if ($accountObj.PasswordExpired) { echo ($accountObj.Name + “;already expired”) } else { if ($accountObj.PasswordNeverExpires) { echo ($accountObj.Name + “;never expires”) } else { $passwordSetDate = $accountObj.PasswordLastSet if ($passwordSetDate -eq $null) { echo ($accountObj.Name + “;never been set”) } else { $maxPasswordAgeTimeSpan = $null $dfl = (get-addomain).DomainMode if ($dfl -ge 3) { ## Greater than Windows2008 domain functional level $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj if ($accountFGPP -ne $null) { $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge } else { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge } } else { $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge } if ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0) { echo (“MaxPasswordAge is not set for the domain or is set to zero!”) } else { echo ($accountObj.Name + “;” + ($passwordSetDate + $maxPasswordAgeTimeSpan)) } } } } } } $users = get-aduser -SearchBase “OU=TestOU,DC=domain,DC=com” -filter * -properties * |where {$_.Enabled -eq “True”} foreach ($user in $users) { Get-XADUserPasswordExpirationDate testuser #$user #| Out-File C:_SWusers_password_policy.csv -Append }
Find Expiring Users Passwords Active Directory Powershell
Lascia una risposta