Taku_

Reputation: 1625

account expiration/password expiration in active directory

I work in a tech office and a lot of my job is to reset passwords/change expiration dates on Active Directory accounts. Since I do not have access to the actual server, just my Administrative Tools -> Active Directory Users and Computers is what I have.

Every week or so I am given a list of usernames. I am to check and see if their passwords are expired, and if their account is expired. If the account is expired I have a date I need to set it to; if the p/w is expired, each user has a predetermined p/w.

I have been reading here around SA and powershell.com trying to figure out a way to write a script to check each of these accounts in my file and set each account as needed; however I can't seem to get information on the accounts.

I have tried `Get-LDAPUser`, and I have tried using `Get-ADUser -Filter` and `Get-ADUser username -acctExpires`. I keep getting no cmdlet errors here. I also tried to see if I could somehow just access partial information using `Net User user /domain`, to no avail.

I am not asking for an answer as I know I have shown no work, but if this can be done I would like a step in the right direction!

Upvotes: 0

Views: 23516

Answers (2)

rspies

Reputation: 11

Another approach:

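# Check if the user's account is expired
FUNCTION IsExpired ($Name)
{
Import-Module ActiveDirectory
$ExpirationDate=(Get-ADUser $Name -Properties 'AccountExpirationDate').AccountExpirationDate
# AccountExpirationDate is $null when the account never expires,
# and $null -lt (Get-Date) evaluates to $true, so test for $null first
$Result = ($null -ne $ExpirationDate -and $ExpirationDate -lt (Get-Date))
Return $Result
}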

Upvotes: 1

Ansgar Wiechers

Reputation: 200523

Try something like this:

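Import-Module ActiveDirectory

# Convert an AD file time to [datetime]. Returns $null when the value is
# unset or the Int64 maximum (password never expires), which FromFileTime rejects.
function FileTime2Date($time) {
  if ($null -eq $time -or $time -eq [Int64]::MaxValue) { return $null }
  return [datetime]::FromFileTime($time)
}

$today = Get-Date
$userlist = Get-Content "C:\path\to\username.list"

# Request only the two attributes needed; the computed expiry is named explicitly
Get-ADUser -Filter * -Properties accountExpirationDate, 'msDS-UserPasswordExpiryTimeComputed' |
  select sAMAccountName, accountExpirationDate, @{n='passwordExpiry';
    e={FileTime2Date $_.'msDS-UserPasswordExpiryTimeComputed'}} |
  # A $null date means "never expires" and must not count as expired
  ? { $userlist -contains $_.sAMAccountName -and (
      ($_.accountExpirationDate -and $_.accountExpirationDate -le $today) -or
      ($_.passwordExpiry -and $_.passwordExpiry -le $today)
    )
  }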

Untested, though, since I don't have an AD at hand right now.

Upvotes: 1
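
The check both answers describe, as an added example that is not part of either answer: it classifies each user as account-expired and/or password-expired while handling the "never expires" and "must change at next logon" values, and runs on constructed sample objects so it can be tried without a domain. The function name `Get-ExpiryStatus`, the sample account names and `$newDate` are assumptions made for illustration.

```powershell
# Classify one user object (shaped like Get-ADUser output with the two properties used below).
function Get-ExpiryStatus {
  param(
    [Parameter(ValueFromPipeline = $true)] $User,
    [datetime] $Now = (Get-Date)
  )
  process {
    $raw = $User.'msDS-UserPasswordExpiryTimeComputed'
    # Unset or Int64 max: password never expires. 0: password must be changed at next logon.
    $pwExpiry = $null
    if ($null -ne $raw -and $raw -ne [Int64]::MaxValue) {
      $pwExpiry = [datetime]::FromFileTime($raw)
    }
    $acctExpiry = $User.AccountExpirationDate   # $null: account never expires
    [pscustomobject]@{
      SamAccountName  = $User.SamAccountName
      AccountExpired  = ($null -ne $acctExpiry -and $acctExpiry -le $Now)
      PasswordExpired = ($null -ne $pwExpiry -and $pwExpiry -le $Now)
    }
  }
}

# Constructed sample objects standing in for Get-ADUser output (names are made up).
$now = Get-Date
$sample = @(
  [pscustomobject]@{ SamAccountName = 'alice'; AccountExpirationDate = $now.AddDays(-3)
                     'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(30).ToFileTime() }
  [pscustomobject]@{ SamAccountName = 'bob'; AccountExpirationDate = $null
                     'msDS-UserPasswordExpiryTimeComputed' = [Int64]::MaxValue }
  [pscustomobject]@{ SamAccountName = 'carol'; AccountExpirationDate = $null
                     'msDS-UserPasswordExpiryTimeComputed' = [Int64]0 }
)
$sample | Get-ExpiryStatus -Now $now | Format-Table -AutoSize

# Against a real domain ($newDate is the date you were given; -WhatIf previews, changes nothing):
# Import-Module ActiveDirectory
# Get-Content "C:\path\to\username.list" |
#   ForEach-Object { Get-ADUser $_ -Properties AccountExpirationDate, 'msDS-UserPasswordExpiryTimeComputed' } |
#   Get-ExpiryStatus |
#   Where-Object { $_.AccountExpired } |
#   ForEach-Object { Set-ADAccountExpiration -Identity $_.SamAccountName -DateTime $newDate -WhatIf }
```

Querying each listed name with `Get-ADUser $_` avoids pulling every user in the domain, and dropping `-WhatIf` only after reviewing the preview keeps a bad list from changing accounts that were not meant to be touched.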
