Find AD users whose password hasn’t been changed in x amount of days and whose name doesn’t start with yy.

I found this script that sort of fit my needs. But I tweaked it to output better formatted date using Out-Gridview, and to exclude accounts that start with YY. I think it’s excluding accounts that it should list, like mine, and not excluding accounts it should. Any help would be appreciated.

    param (
        $PwdAge = 90
    )

    # Cutoff as a Windows file time, the format pwdLastSet is stored in
    $PwdDate = (Get-Date).AddDays(-$PwdAge).ToFileTime()

    (New-Object DirectoryServices.DirectorySearcher -Property @{
        Filter = "(&(objectclass=user)(objectcategory=person)
            (!(userAccountControl:1.2.840.113556.1.4.803:=2)
            (samaccountname>=svc)
            (samaccountname>=AW01)
            (samaccountname>=XR01)
            (samaccountname>=XR06)
            (samaccountname>=XR07)
            (samaccountname>=XR08)
            (samaccountname>=XR09)
            (samaccountname>=XR11)
            (samaccountname>=XR13)
            (samaccountname>=XR14)
            (samaccountname>=XR15)
            (samaccountname>=XR16)
            (samaccountname>=XR17)
            (samaccountname>=XR18)
            (samaccountname>=XR19)
            (samaccountname>=XR21)
            (samaccountname>=XR22)
            (samaccountname>=XR24)
            (samaccountname>=XR25)
            (samaccountname>=PW01)
            (samaccountname>=WW01)
            (samaccountname>=SQL)
            (samaccountname>=XR31))
            (pwdlastset<=$PwdDate))"
        PageSize = 500
    }).FindAll() | ForEach-Object {
        # One output object per search result
        $objUsers = New-Object -TypeName PSCustomObject -Property @{
            samaccountname = $_.Properties.samaccountname -join ''
            pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
            enabled = -not [boolean]([int64]($_.properties.useraccountcontrol -join '') -band 2)
        }
        [array]$array += $objUsers
    }
    $array | Out-Gridview

submitted by /u/Pavix
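An added example, not code from the original post: in an LDAP filter `!` takes exactly one operand and `>=` is an ordering comparison rather than a prefix match, so the sketch below writes each exclusion as its own `(!(sAMAccountName=prefix*))` clause. The prefix list and the `ConvertTo-LdapLiteral` helper are assumptions made for illustration.

```powershell
param (
    [int]$PwdAge = 90,
    # Constructed sample prefixes (assumption); list the prefixes to exclude.
    [string[]]$ExcludePrefix = @('svc', 'SQL', 'XR01')
)

# Hypothetical helper: escape LDAP filter metacharacters (RFC 4515)
# so each prefix is matched literally.
function ConvertTo-LdapLiteral ([string]$Value) {
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

# pwdLastSet is stored as a Windows file time, so compare against one.
$cutoff = (Get-Date).AddDays(-$PwdAge).ToFileTime()

# One NOT clause per prefix; "=prefix*" is the starts-with test.
$exclusions = ($ExcludePrefix | ForEach-Object {
    '(!(sAMAccountName={0}*))' -f (ConvertTo-LdapLiteral $_)
}) -join ''

$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +  # not disabled
          $exclusions +
          "(pwdLastSet<=$cutoff))"

$searcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter   = $filter
    PageSize = 500
}
$searcher.PropertiesToLoad.AddRange([string[]]('samaccountname', 'pwdlastset'))

$results = $searcher.FindAll()
$users = foreach ($r in $results) {
    [pscustomobject]@{
        SamAccountName = [string]$r.Properties['samaccountname'][0]
        PwdLastSet     = [datetime]::FromFileTime([int64]$r.Properties['pwdlastset'][0])
    }
}
$results.Dispose()
$users | Sort-Object PwdLastSet | Out-GridView
```

Accounts set to change their password at next logon have `pwdLastSet` equal to 0, so they also match the `<=` test and show a date in the year 1601.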

One Reply to “Find AD users whose password hasn’t been changed in x amount of days and whose name doesn’t start with yy.”

  1. So which accounts would you like to exclude exactly?
