stackoom
  简体   繁体   中英

Need powershell cmd to export Local user password expiry date

 原文  2014-07-07 09:50:11       powershell/ powershell-2.0/ windows-server-2008-r2/ powershell-3.0/ powershell-1.0

Question

I have got the below powershell script from Microsoft blog. It exactly satisfies my environment needs, but it shows the password expiry date as true or false. I need to extract exact password expiry date of all the local user's. Please can someone help with the below script to get the local user account expiry date along with other information. 

Param
(
[Parameter(Position=0,Mandatory=$false)]
[ValidateNotNullorEmpty()]
[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
[Parameter(Position=1,Mandatory=$false)]
[Alias('un')][String[]]$AccountName,
[Parameter(Position=2,Mandatory=$false)]
[Alias('cred')][System.Management.Automation.PsCredential]$Credential
)

$Obj = @()
$now = Get-Date
Foreach($Computer in $ComputerName)
{
If($Credential)
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
}
else
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
}

Foreach($LocalAccount in $AllLocalAccounts)
{



    $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value




    $Object = New-Object -TypeName PSObject

    $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
    $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
        $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
        $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
        $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
    $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
    $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
    $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
    $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
    $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
    $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now-($now.AddSeconds(-$rawPWAge))).Days
    $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description




    $Obj+=$Object
}

If($AccountName)
{
    Foreach($Account in $AccountName)
    {
        $Obj|Where-Object{$_.Name -like "$Account"}
    }
}
else
{
    $Obj
}
}

1 answers

solution1
 0 ACCPTED  2014-07-07 12:19:05

To get the password expiry date you need to subtract PasswordAge from MaxPasswordAge and add the resulting number of seconds to $now : 

$user = [adsi]"WinNT://$computer/$($LocalAccount.Name),user"
$rawPWAge = $user.PasswordAge.Value
$maxPWAge = $user.MaxPasswordAge.Value
...
$Object | Add-Member -MemberType NoteProperty -Name 'Password Expiry Date' `
                -Value $now.AddSeconds($maxPWAge - $rawPWAge)

As a side note, you should never use $Obj+=$Object in a loop. Adding objects to an array will copy all items from the existing array to a new array (size + 1), so the operation is guaranteed to perform poorly. Better use a ForEach-Object loop in a pipeline: 

$Obj = $AllLocalAccounts | ForEach-Object {
         $user = ([adsi]"WinNT://$computer/$($_.Name),user")
         $pwAge    = $user.PasswordAge.Value
         $maxPwAge = $user.MaxPasswordAge.Value
         $pwLastSet = $now.AddSeconds(-$pwAge)

         New-Object -TypeName PSObject -Property @{
           'Name'                 = $_.Name
           'Full Name'            = $_.FullName
           'Disabled'             = $_.Disabled
           'Status'               = $_.Status
           'LockOut'              = $_.LockOut
           'Password Expires'     = $_.PasswordExpires
           'Password Required'    = $_.PasswordRequired
           'Account Type'         = $_.AccountType
           'Domain'               = $_.Domain
           'Password Last Set'    = $pwLastSet
           'Password Age'         = ($now - $pwLastSet).Days
           'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
           'Description'          = $_.Description
         }
       }

This will automagically produce a list of objects which is then assigned to $Obj .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Powershell script to find the user password expiry date and renew it for customize date POWERSHELL: Get password expiry date with UserPrincipal Get Azure Active Directory password expiry date in PowerShell Set a powershell Expiry Date Get Password expiry date for one single user in AD Need to use powershell to login to multiple IP with the same local user / password no Prompt Setting user rights assignment of local security policy using powershell/cmd What is the alternative of export from unix to powershell, Set works for CMD only. I need it for powershell Force the password expiration date for a LOCAL user account Pop up notification for user password expiry
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM