
Powershell - Active Directory - filter PasswordLastSet by today

I have the following PowerShell; it works without the filter. However, if I want to see whether passwordlastset was today, it throws an error. I am trying to compare the date (without the time).

This line throws an error:

Get-ADUser -identity svc-sap-dataRead -ldapfilter passwordlastset=get-date -properties passwordlastset

Get-ADUser -identity svc-sap-dataRead -properties passwordlastset

DistinguishedName : CN=svc-sap-dataRead,OU=Service Accounts,OU=SAP-
                    OG,OU=Applications,OU=Prod-Groups,DC=csi,DC=com
Enabled           : True
GivenName         :
Name              : svc-sap-dataRead
ObjectClass       : user
ObjectGUID        : dcbadba0-3cd7-4e51-9d14-d0e8a6be17f5
PasswordLastSet   : 5/6/2016 8:44:13 AM
SamAccountName    : svc-sap-dataRead
SID               : S-1-5-21-3791487480-1111548175-1301309645-519760
Surname           :
UserPrincipalName : svc-sap-dataRead@csi.com

Just tried the following code: it neither errors nor gives me anything back.

Get-ADUser -identity svc-sap-dataRead -properties passwordlastset |
where {$_.passwordlastset -eq (get-date)}|select-object passwordlastset, name

You're comparing the full DateTime, not just the day. In other words, you're comparing down to the minute. Put this in your where block:

$pw = $_.passwordLastset;
$pw.ToShortDateString() -eq $(Get-Date).ToShortDateString()

edit: Here's the full command:

Get-ADUser -Identity svc-sap-dataRead -Properties passwordLastSet | Where-Object {
    $pw = $_.passwordLastSet
    if ($pw -ne $null) {
        $pw.ToShortDateString() -eq (Get-Date).ToShortDateString()
    }
} | Select-Object passwordLastSet, Name

Your Where-Object is going to filter out users that don't meet the criteria in that block, in this case, users who haven't reset their passwords today.

If you just want a boolean value of whether they've reset their passwords today you might try something like this:

$adUser = Get-ADUser -Identity svc-sap-dataRead -Properties passwordLastSet | Select-Object passwordLastSet, Name
$pw = $adUser.passwordLastSet
$resetPasswordToday = if ($pw -ne $null) { $pw.ToShortDateString() -eq (Get-Date).ToShortDateString() } else { $false }

This is getting the passwordLastSet attribute, seeing if it's null and, if not, seeing if its date is today.
(Keep in mind, if you manually expire a password by checking the "User must change password" box, this essentially makes passwordLastSet null.)
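
An added example, not part of the original posts: the same "password set today" check done on the domain controller with an LDAP filter, which is the form to use when auditing many accounts instead of one. The function name Get-ADUserPasswordSetOn and its parameters are hypothetical; it relies on pwdLastSet being stored as a FILETIME integer and on -LDAPFilter and -Identity being separate Get-ADUser parameter sets, so the account name goes into the filter itself.

```powershell
# Added example (hypothetical helper, not from the original thread).
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-ADUserPasswordSetOn {
    param(
        [datetime]$Day = (Get-Date),   # day to check, local time
        [string]$SamAccountName        # optional: limit to one account
    )

    # pwdLastSet is a FILETIME (100 ns ticks since 1601, UTC), so convert
    # local midnight of the chosen day and of the following day.
    $start   = $Day.Date
    $startFt = $start.ToFileTimeUtc()
    $endFt   = $start.AddDays(1).ToFileTimeUtc()

    # LDAP has no strict "<", so "before tomorrow" is written as NOT(>= tomorrow).
    # Accounts flagged "User must change password" have pwdLastSet=0 and
    # fall outside the range without any null check.
    $clauses = "(pwdLastSet>=$startFt)(!(pwdLastSet>=$endFt))"

    if ($SamAccountName) {
        # Escape LDAP filter metacharacters (RFC 4515) before embedding the name.
        $safe = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
                                -replace '\(', '\28' -replace '\)', '\29'
        $clauses += "(sAMAccountName=$safe)"
    }

    Get-ADUser -LDAPFilter "(&$clauses)" -Properties PasswordLastSet |
        Select-Object Name, SamAccountName, PasswordLastSet
}

# Single account from the question: returns the user only if the password was set today.
Get-ADUserPasswordSetOn -SamAccountName 'svc-sap-dataRead'

# Boolean form, matching the second answer's intent.
$resetPasswordToday = [bool](Get-ADUserPasswordSetOn -SamAccountName 'svc-sap-dataRead')

# Every account whose password was set today (useful for spotting unexpected resets).
Get-ADUserPasswordSetOn | Sort-Object PasswordLastSet
```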
