Powershell 脚本，通过 output 到 csv 找到密码到期的特定日期

Question

NOTE I AM A NEWBIE TO POWERSHELL

Ok I am needing to get the expired passwords for multiple users whose passwords expire by a specific date. I am needing the user names and emails of the users. I am not getting the right output. I keeping getting a message that says InputObject. I'm not sure what to add here and I know I am missing something.

See Below:

Get-ADUser -filter * -SearchBase "OU=Students,DC=domain,DC=domain,DC=com"  -properties PasswordNeverExpires,msDS-UserPasswordExpiryTimeComputed | where {$_.enabled -eq $true -and $_.PasswordNeverExpires -eq  $False} | select Name,@{Name="ExpiryDate";Expression={([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")).DateTime}} | where {($_.ExpiryDate | get-date)  -gt (get-date) -and ($_.ExpiryDate | get-date) -eq (get-date).adddays(20)  Export-csv C:\Temp\Password } 

Answer 1

The web search I linked to would have given you these articles...

Get-ADUser: Getting Active Directory Users Info via PowerShell

Powershell – Get AD Users Password Expiry Date

You could have also use the Windows Server ADAC to write the baseline code for you via a GUI click-thru, that you could tweak as needed.

Use AD Administrative Center to Create PowerShell Commands

... and the help files, would give you all you need to construct this properly

# Get specifics for a module, cmdlet, or function
(Get-Command -Name Get-ADUser).Parameters
(Get-Command -Name Get-ADUser).Parameters.Keys
Get-help -Name Get-ADUser -Examples
# Results
<#
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName -A
Get-ADUser GlenJohn -Properties *
Get-ADUser -Filter {Name -eq "GlenJohn"} -SearchBase "DC=AppNC" -Properties mail -Server lds.Fabrikam.com:50000
#>
Get-help -Name Get-ADUser -Full
Get-help -Name Get-ADUser -Online

I modified the code a bit from the article, as spaces in propertyNames, variables, fields, filenames, etc., are just an unneeded pain to deal with.

<#
Get Password Expiry Date of all Enabled AD Users

The following powershell script find all the enabled Active Directory users 
whose PasswordNeverExpires flag value is equal to False and list the attribute 
value samAccountName and Password Expire Date. The Active Directory computed 
attribute msDS-UserPasswordExpiryTimeComputed is timeStamp attribute and its 
value will be stored as integer, so we are using expression to convert timestamp 
value into normal date time.
#>
Import-Module ActiveDirectory

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName', 
@{
    Name       = 'PasswordExpiryDate'
    Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} | 
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) | 
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8

<#
You can add any extra attributes that are supported/available in Active Directory property listing.

If you want to add the attributes mail and pwdLastset with this script, you can 
simply add these attributes as comma separated values.
#>

Import-Module ActiveDirectory

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties 'SamAccountName', 
'mail',
'pwdLastSet',
'msDS-UserPasswordExpiryTimeComputed' |
Select-Object -Property 'SamAccountName', 'Name', 'DisplayName', 'mail',
@{
    Name       = 'PasswordLastSet'
    Expression = {[datetime]::FromFileTime($_."pwdLastSet")}
}, 
@{
    Name       = 'PasswordExpiryDate'
    Expression = {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}
} | 
Where-Object -Property 'PasswordExpiryDate' -LE (Get-Date).AddDays(20) | 
Export-Csv -Path 'D:\Temp\PasswordExpiryReport.Csv' -NoTypeInformation -Encoding UTF8