Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I access the value of the field pwdLastSet in Active Directory 1

Status
Not open for further replies.
AndyH1

AndyH1

Programmer
Jan 11, 2004
350
GB
Im a bit of a novice to PowerShell and AD, and am well outside my normal domain (which is web development) but have been asked to do the following. Write a script in Powershell to find ALL users in an Active Directory that have pwdLastSet set to 0, (in a for next loop so I can then process each user).

I came across the code below which will loop through all objects of type People which I assume is what I need to do, but have no idea how to also do the additional check that pwdLastSet value = 0.

Can someone advise?
Thanks in advance

Andy

$Dom = 'LDAP://DC=YourDom;DC=YourExt'
$Root = New-Object DirectoryServices.DirectoryEntry
clear-Host
# Create a selector and start searching from the Root of AD
$selector = New-Object DirectoryServices.DirectorySearcher
$selector.SearchRoot = $root
# Filter the users with -like "CN=Person*". Note the ForEach loop
$adobj= $selector.findall() `
| where {$_.properties.objectcategory -like "CN=Person*"}
ForEach ($person in $adobj)
{
$prop=$person.properties
Write-host "First name: $($prop.givenname) " `
"Surname: $($prop.sn) User: $($prop.cn)"
}
write-host "`nThere are $($adobj.count) users in the $($root.name) domain with password = 0
 
Sort by date Sort by votes
I also wondered if this could be done simpler with the ActiveDirectory import

Would

Import-Module ActiveDirectory -ea 0
$users = Get-ADUser -Properties pwdLastSet -Filter 0

give me those users with pwdLastSet set to 0

or am I misunderstanding?
 
Upvote 0 Downvote
In answer to (part) of my own question have found I cannot use the ActiveDirectory module as they are running win 2003 server and its only available on 2008
 
Upvote 0 Downvote
AndyH1 -

You can't use -ea 0 for the importing of the module, since you have no error trapping. If the importing of the module fails, the code following wouldn't work. You could use a function, such as the one I use in all of my scripts:

Code: 
function Get-ModuleStatus { 
	param	(
		[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No module name specified!")] 
		[string]$name
	)
	if(!(Get-Module -name "$name")) { 
		if(Get-Module -ListAvailable | ? {$_.name -eq "$name"}) { 
			Import-Module -Name "$name" 
			# module was imported
			return $true | Out-Null
		} else {
			# module was not available
			return $false | Out-Null
		}
	}else {
		# module was already imported
		# Write-Host "$name module already imported"
		return $true | Out-Null
	}
} # end function Get-ModuleStatus

And then use

Code: 
if (Get-ModuleStatus ActiveDirectory){
     # your code here
}

Do you have your Tek-Tips.com swag? I've got mine! Pick some up at
Stop by the new Tek-Tips group at LinkedIn.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Ken Shaw
  • Locked
  • Question
Why I am getting a Cannot convert value "System.Object[]" to type "System.Xml.XmlDocu
Replies
3
Views
1K
Rick998
Rick998
Trob70
  • Locked
  • Question
Alter a character in all files in a directory and sub folders
Replies
0
Views
173
Trob70
Trob70
andyferris
  • Locked
  • Question
How to put in multiple values in a where-object filter
Replies
1
Views
979
wriedy
wriedy
Sparrow4
  • Locked
  • Question
Get the Policy Assignment for all users in Teams
Replies
0
Views
196
Sparrow4
Sparrow4
crookedm
  • Locked
  • Question
How to output to two columns
Replies
2
Views
820
crookedm
crookedm

Part and Inventory Search

Sponsor

Back
Top