Reputation: 25
Finding the difference between "pwdLastSet" and current date/time
Using PowerShell I am getting a count of all operating systems in Active Directory. I have the count of all Windows 10 OS, I now need a count of computers that have passwords greater than 90 days or older.
I've already tried scripts outside of the command using "Get-Date," however I need it incorporated into a single command if possible.
Get-ADComputer -SearchBase "OU=Computers,DC=DomainName,DC=com" -Filter {OperatingSystem -Like "Windows 10*"} -Property , OperatingSystem, pwdLastSet, |
select OperatingSystem, @{Name="pwdLastSet";Expression={([DateTime]::FromFileTime($_.pwdLastSet))}}
Count: # of OS
"Older than 90 days": ?
Upvotes: 2
Views: 9921
Answers (2)
Reputation: 200373
The property PwdLastSet returns the literal value of the AD attribute pwdLastSet, which contains the timestamp encoded as filetime. You can decode that value to a DateTime value yourself via [DateTime]::FromFileTime(). However, PowerShell already does that for you and stores the decoded value in the property PasswordLastSet, so use that instead.
To get the password age of a computer you'd calculate the difference between the current date and PasswordLastSet, and then get the value of the Days property of the resuting Timespan object. Put that in a calculated property and you can filter for computers with a password age > 90 days.
$ou = 'OU=Computers,DC=DomainName,DC=com'
$fltr = 'OperatingSystem -like "Windows 10*"'
$props = 'OperatingSystem', 'PasswordLastSet'
$cutoff = (Get-Date).Date.AddDays(-90)
$hosts = Get-ADComputer -SearchBase $ou -Filter $fltr -Property $props |
Select-Object OperatingSystem,
@{n='PasswordAge';e={((Get-Date) - $_.PasswordLastSet).Days}}
($hosts | Where-Object { $_.PasswordAge -gt 90 }).Count
Upvotes: 3
Reputation: 25021
If we build off of what you have, then you can do the following:
Get-ADComputer -SearchBase "OU=Computers,DC=DomainName,DC=com" -Filter {OperatingSystem -Like "Windows 10*"} -Property , OperatingSystem, pwdLastSet, | Select-Object OperatingSystem, @{Name="pwdLastSet";Expression={[datetime]::FromFileTime($_.pwdLastSet)}},@{Name="90_Days_Old";Expression={([datetime]::FromFileTime($_.pwdLastSet)).AddDays(90) -le (Get-Date)}}
Explanation:
The Select-Object calculated property 90_Days_Old will output True if the password is 90 days or older. Otherwise, False will output.
The key here is using the .AddDays() method from your DateTime object. You can choose to add 90 days to the PwdLastSet (.AddDays(90)) value or subtract 90 days from the current date and time (.AddDays(-90)).
This will not be the best way to approach this problem because of the following reasons:
- You should store reusable values in variables. This promotes neater code and reduces redundant code execution.
PwdLastSetmay not be the optimal property to check since it outputs in file time format.PasswordLastSetdisplays the date in human-readable format.
Upvotes: 1
Related Questions
- Converting LastLogon to DateTime format
- Handling AD user LastLogonDate & current date in PowerShell
- How do I query Last Logon Date via Powershell
- In Powershell how do I get passwordLastSet as DateTime instead of as an Object from AD?
- Powershell Script to check if Active Directory User Last Logon
- Getting an error comparing Last Logon time with a Date
- powershell output of ad-user pwdLastSet and LastLoginTimeStamp
- Powershell variable interrogation of date & time difference
- Extract date from LastLogonTimestamp
- Finding out Last logon time in Windows through Powershell