Reputation: 11251
I have the following PowerShell; it works without the filter. However, if I want to see whether passwordlastset was today, it throws an error. I am trying to compare the date (without the time).
This line throws an error:
Get-ADUser -identity svc-sap-dataRead -ldapfilter passwordlastset=get-date -properties passwordlastset
Get-ADUser -identity svc-sap-dataRead -properties passwordlastset
DistinguishedName : CN=svc-sap-dataRead,OU=Service Accounts,OU=SAP-
OG,OU=Applications,OU=Prod-Groups,DC=csi,DC=com
Enabled : True
GivenName :
Name : svc-sap-dataRead
ObjectClass : user
ObjectGUID : dcbadba0-3cd7-4e51-9d14-d0e8a6be17f5
PasswordLastSet : 5/6/2016 8:44:13 AM
SamAccountName : svc-sap-dataRead
SID : S-1-5-21-3791487480-1111548175-1301309645-519760
Surname :
UserPrincipalName : [email protected]
Just tried the following code; it neither errors nor gives me anything back.
Get-ADUser -identity svc-sap-dataRead -properties passwordlastset |
where {$_.passwordlastset -eq (get-date)}|select-object passwordlastset, name
Upvotes: 1
Views: 5821
Reputation: 1702
You're comparing the full DateTime, not just the day. In other words, you're comparing down to the minute. Put this in your where block:
$pw = $_.passwordLastset;
$pw.ToShortDateString() -eq $(Get-Date).ToShortDateString()
edit: Here's the full command:
Get-ADUser -Identity svc-sap-dataRead -Properties passwordLastSet | Where-Object {
    $pw = $_.passwordLastSet
    if ($pw -ne $null) {
        $pw.ToShortDateString() -eq (Get-Date).ToShortDateString()
    }
} | Select-Object passwordLastSet, Name
Your Where-Object is going to filter out users that don't meet the criteria in that block, in this case, users who haven't reset their passwords today.
If you just want a boolean value of whether they've reset their passwords today you might try something like this:
$adUser = Get-ADUser -Identity svc-sap-dataRead -Properties passwordLastSet | Select-Object passwordLastSet, Name
$pw = $adUser.passwordLastSet
$resetPasswordToday = if ($pw -ne $null) { $pw.ToShortDateString() -eq (Get-Date).ToShortDateString() } else { $false }
This is getting the passwordLastSet attribute, seeing if it's null and, if not, seeing if its date is today.
(Keep in mind, if you manually expire a password by checking the "User must change password" box, this essentially makes passwordLastSet null.)
Upvotes: 4
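A server-side variant of the check discussed above, as an added example that is not part of the original question or answer. Get-ADUser takes -Identity and -LDAPFilter in separate parameter sets, and the LDAP attribute is pwdLastSet, stored as a FILETIME integer, so the filter has to express "today" as a numeric range. The function names and the two extra sample accounts are hypothetical; the local check compares .Date values, so it does not depend on the culture's short date format.

```powershell
# Added example; function names and the svc-example-* sample accounts are hypothetical.
function ConvertTo-LdapLiteral {
    param([string]$Value)
    # RFC 4515: escape \ * ( ) and NUL so an account name cannot alter the filter structure.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function New-PwdLastSetFilter {
    param([Parameter(Mandatory)][string]$SamAccountName, [datetime]$Day = [datetime]::Today)
    # pwdLastSet is a FILETIME: 100 ns intervals since 1601-01-01 UTC.
    $start = $Day.Date.ToFileTimeUtc()
    $end   = $Day.Date.AddDays(1).ToFileTimeUtc()
    # LDAP filters have no strict '<', so "before $end" is written as NOT (>= $end).
    "(&(sAMAccountName=$(ConvertTo-LdapLiteral $SamAccountName))(pwdLastSet>=$start)(!(pwdLastSet>=$end)))"
}

function Test-PasswordSetOn {
    param([Nullable[datetime]]$PasswordLastSet, [datetime]$Day = [datetime]::Today)
    # A null PasswordLastSet (e.g. "User must change password") never counts as set on $Day.
    $null -ne $PasswordLastSet -and $PasswordLastSet.Date -eq $Day.Date
}

# Constructed sample data: runs without a domain controller.
$day = [datetime]'2016-05-06'
$samples = @(
    [pscustomobject]@{ Name = 'svc-sap-dataRead'; PasswordLastSet = [datetime]'2016-05-06 08:44:13' }
    [pscustomobject]@{ Name = 'svc-example-old';  PasswordLastSet = [datetime]'2016-05-05 23:59:59' }
    [pscustomobject]@{ Name = 'svc-example-null'; PasswordLastSet = $null }
)
$samples | Select-Object Name, @{ n = 'SetOnDay'; e = { Test-PasswordSetOn $_.PasswordLastSet $day } }

# The filter string that would be sent to the directory for that day.
New-PwdLastSetFilter -SamAccountName 'svc-sap-dataRead' -Day $day

# Live query, only where the ActiveDirectory module is available.
if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    Get-ADUser -LDAPFilter (New-PwdLastSetFilter 'svc-sap-dataRead') -Properties PasswordLastSet |
        Select-Object Name, PasswordLastSet
}
```

Dropping the sAMAccountName clause from the filter turns the same range into a domain-wide list of accounts whose passwords were set on the chosen day.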