Smart questions
Smart answers
Smart people
Join Tek-Tips Forums
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

How do I access the value of the field pwdLastSet in Active DirectoryHelpful Member! 

AndyH1 (Programmer) (OP)
9 Oct 11 8:23
Im a bit of a novice to PowerShell and AD, and am well outside my normal domain (which is web development) but have been asked to do the following. Write a script in Powershell to find ALL users in an Active Directory that have pwdLastSet set to 0, (in a for next loop so I can then process each user).  

I came across the code below which will loop through all objects of type People which I assume is what I need to do, but have no idea how to also do the additional check that pwdLastSet value = 0.

Can someone advise?
Thanks in advance

Andy

$Dom = 'LDAP://DC=YourDom;DC=YourExt'
$Root = New-Object DirectoryServices.DirectoryEntry
clear-Host
# Create a selector and start searching from the Root of AD
$selector = New-Object DirectoryServices.DirectorySearcher
$selector.SearchRoot = $root
# Filter the users with -like "CN=Person*". Note the ForEach loop
$adobj= $selector.findall() `
| where {$_.properties.objectcategory -like "CN=Person*"}
ForEach ($person in $adobj)
{
$prop=$person.properties
      Write-host "First name: $($prop.givenname) " `
      "Surname: $($prop.sn) User: $($prop.cn)"
}
write-host "`nThere are $($adobj.count) users in the $($root.name) domain with password = 0"
AndyH1 (Programmer) (OP)
9 Oct 11 9:50
I also wondered if this could be done simpler with the ActiveDirectory import

Would

 Import-Module ActiveDirectory -ea 0
 $users = Get-ADUser -Properties pwdLastSet -Filter 0

give me those users with pwdLastSet set to 0

or am I misunderstanding?
 
AndyH1 (Programmer) (OP)
10 Oct 11 4:41
In answer to (part) of my own question have found I cannot use the ActiveDirectory module as they are running win 2003 server and its only available on 2008
Helpful Member!  58sniper (MIS)
10 Oct 11 9:53
AndyH1 -

You can't use -ea 0 for the importing of the module, since you have no error trapping. If the importing of the module fails, the code following wouldn't work. You could use a function, such as the one I use in all of my scripts:

CODE --> PowerShell

function Get-ModuleStatus {
    param    (
        [parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No module name specified!")]
        [string]$name
    )
    if(!(Get-Module -name "$name")) {
        if(Get-Module -ListAvailable | ? {$_.name -eq "$name"}) {
            Import-Module -Name "$name"
            # module was imported
            return $true | Out-Null
        } else {
            # module was not available
            return $false | Out-Null
        }
    }else {
        # module was already imported
        # Write-Host "$name module already imported"
        return $true | Out-Null
    }
} # end function Get-ModuleStatus

And then use

CODE --> PowerShell

if (Get-ModuleStatus ActiveDirectory){
     # your code here
}

Do you have your Tek-Tips.com swag? I've got mine! Pick some up at https://www.advantageemblem.com/PromoItems/ApparelStore.aspx?CategoryId=392.

Stop by the new Tek-Tips group at LinkedIn. http://www.linkedin.com/groups/Networking-TekTipscom-forums-members-3952395

AndyH1 (Programmer) (OP)
10 Oct 11 11:46
Thanks 58sniper
AndyH1

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close