Get-PasswordAge.ps1
<#
.SYNOPSIS
Queries Active Directory for user password age.
.DESCRIPTION
Queries Active Directory for user accounts and reports, per account, when the password was
last set and how many days old it is. The optional arguments Days, LastResults,
ExcludeNeverExpires and ExcludeDisabledUsers help limit the output.
.PARAMETER CmdUsers
One or more user identities to look up. When omitted, every user account is queried.
.PARAMETER Days
Keeps only accounts whose password was last set at most this many days ago. Defaults to 7.
A value of 0 or less disables this filter.
.PARAMETER LastResults
Limits the output to the first N accounts after sorting by the password-last-set value.
Defaults to 0, which means no limit.
.PARAMETER ExcludeNeverExpires
When present, accounts whose password never expires are left out of the results.
.PARAMETER ExcludeDisabledUsers
Intended to leave disabled accounts out of the results.
NOTE(review): confirm that the script body actually applies this switch.
.EXAMPLE
C:\PS> Get-PasswordAge.ps1 -Days 7
Lists the users whose password was set within the last seven (7) days.
#>
param (
# NOTE(review): ValueFromPipeline is set, but the script has no process block, so piped
# input is presumably bound only to its last item - confirm, or pass -CmdUsers explicitly.
[Parameter(
Mandatory=$false,
ValueFromPipeline=$true)
][string[]]$CmdUsers,
# Maximum password age in days; values of 0 or less turn the age filter off.
[int]$Days = 7,
# Maximum number of rows to return; 0 means unlimited.
[int]$LastResults = 0,
# Drop accounts flagged PasswordNeverExpires.
[switch]$ExcludeNeverExpires,
# Drop disabled accounts (see the NOTE in the help text above).
[switch]$ExcludeDisabledUsers = $false
)
# Extra attributes to request from Get-ADUser on top of its default property set.
$Properties = @(
    "LastLogonTimestamp"
    "PwdLastSet"
    "PasswordNeverExpires"
    "Mail"
    "PasswordExpired"
)

# Output columns, in display order. Calculated columns turn the raw FILETIME values
# into readable dates.
# NOTE: a raw value of 0 or $null converts to a date in the year 1601, so a row showing
# such a date means "never logged on" / "password not set", not a real timestamp.
# NOTE: lastLogonTimestamp is only replicated between domain controllers periodically,
# so "Last Logon" should be read as approximate.
$SelectProperties = @(
    "Name"
    @{ Name = "Last Logon"; Expression = { [datetime]::FromFileTime($_.LastLogonTimeStamp) } }
    "Mail"
    @{ Name = "Account Name"; Expression = { $_.SAMAccountName } }
    @{ Name = "Last Set"; Expression = { [datetime]::FromFileTime($_.pwdLastSet) } }
    @{ Name = "Age"; Expression = { CalcPwdAge $_.pwdLastSet } }
    @{ Name = "Password Expired"; Expression = "PasswordExpired" }
    @{ Name = "Never Expires"; Expression = { $_.PasswordNeverExpires } }
    "Enabled"
)
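# Returns the age of a password in whole days.
#   $LastSet - the account's pwdLastSet value, a Windows FILETIME (100 ns ticks since 1601).
# Returns an [int]: the number of complete days between that moment and now.
# A value of 0 (password never set, or flagged to be changed at next logon) produces a
# very large age, because it is measured from the year 1601.
function CalcPwdAge($LastSet) {
    # Pass the DateTime object itself. (Get-Date).DateTime is a culture-formatted string
    # that New-TimeSpan has to parse back, which can fail on non-English locales.
    $TimeSpan = New-TimeSpan -Start ([datetime]::FromFileTime($LastSet)) -End (Get-Date)
    return $TimeSpan.Days
}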
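# Collect the accounts to report on: the named users when -CmdUsers was given,
# otherwise every user object returned by the directory.
if ($CmdUsers.Count) {
    $Users = $CmdUsers | Get-ADUser -Properties $Properties
} else {
    $Users = Get-ADUser -Filter * -Properties $Properties
}

# Keep accounts whose password was last set within $Days days.
# Accounts with pwdLastSet = 0 (never set / must change at next logon) have an age
# measured from 1601 and are therefore dropped here; run with -Days 0 to see them.
if ($Days -gt 0) {
    # Take the timestamp once, as a DateTime object, so every account is measured
    # against the same instant and no culture-dependent string parsing is involved.
    $Now = Get-Date
    $Users = $Users | Where-Object {
        (New-TimeSpan -Start ([datetime]::FromFileTime($_.pwdLastSet)) -End $Now).Days -le $Days
    }
}

# Drop accounts whose password never expires when asked to.
if ($ExcludeNeverExpires.IsPresent) {
    $Users = $Users | Where-Object { $_.PasswordNeverExpires -eq $false }
}

# Drop disabled accounts when asked to. The switch was declared but never applied before.
if ($ExcludeDisabledUsers.IsPresent) {
    $Users = $Users | Where-Object { $_.Enabled -eq $true }
}

# Sort results by last password set date (oldest first).
$Users = $Users | Sort-Object -Property PwdLastSet

# Limit results; a non-positive value means "no limit".
if ($LastResults -gt 0) {
    $Users = $Users | Select-Object -First $LastResults
}

# Output
$Users | Select-Object -Property $SelectProperties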