question

RonWalkerjr-9936 avatar image
0 Votes"
RonWalkerjr-9936 asked StoyanChalakov commented

What is wrong with this code? Trying to pull pwLastSet date for all users in OU

$verbosepreference = "continue"

$searchdate = '2020-07-02' #yyyy-MM-dd format
$searchbase = OU=365 - Insight Users,DC=ICPAZRDC2,DC=corp..com

$passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"

Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet
-searchbase $searchbase |
where { $.pwdLastSet -lt $passwordsNotChangedSince -and `
$
.pwdLastSet -ne 0 } |
Select-Object name,sAmAccountName,
@{Name="PasswordLastSet";Expression={
[datetime]::FromFileTimeUTC($_.pwdLastSet)
}
} | Export-Csv c:\kits\test.csv

windows-server-powershellwindows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

StoyanChalakov avatar image
0 Votes"
StoyanChalakov answered StoyanChalakov edited

Hi,

I looked at the code and corrected some small syntax erros and now it is working (you need to adjust the $searchbase and if you want - the path to the csv):

 $verbosepreference = "continue"
    
 $searchdate = '2020-07-02' #yyyy-MM-dd format
 $searchbase = "OU=OU=365 - Insight Users,DC=Demo,DC=local"
    
 $passwordsNotChangedSince = $([datetime]::parseexact($searchdate,'2020-07-02',$null)).ToFileTime()
 write-verbose "Finding users whose passwords have not changed since $([datetime]::fromfiletimeUTC($passwordsNotChangedSince))"
    
 Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -searchbase $searchbase | where { ($_.pwdLastSet -lt $passwordsNotChangedSince) -and ($_.pwdLastSet -ne 0)} | Select-Object name,sAmAccountName,@{Name="PasswordLastSet";Expression={
 [datetime]::FromFileTimeUTC($_.pwdLastSet)
 }
 } | Export-Csv c:\temp\test1.csv

I hope I could help out.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)


Best regards,
Stoyan

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

IanXue-MSFT avatar image
0 Votes"
IanXue-MSFT answered IanXue-MSFT edited

Hi,

According to the error message, the distinguishedName of the OU in $searchbase is not correct. Try getting it by running this

 (Get-ADOrganizationalUnit -LDAPFilter '(name=365 - Insight Users*)').distinguishedname

Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RonWalkerjr-9936 avatar image
0 Votes"
RonWalkerjr-9936 answered StoyanChalakov commented

Stoyan,

Thanks for responding, but with this modified script I'm getting the following error. I'm not a strong PS user, so when you say change the $searchbase please explain?

Please assist when possible.

Get-ADUser : The supplied distinguishedName must belong to one of the following partition(s): 'DC=corp,DC=insightpartners,DC=com ,
CN=Configuration,DC=corp,DC=insightpartners,DC=com , CN=Schema,CN=Configuration,DC=corp,DC=insightpartners,DC=com'.
At line:1 char:2
+ Get-ADUser -filter { Enabled -eq $True } –Properties pwdLastSet -sea ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RonWalkerjr-9936,

agree with IanXue, the value you have provided for the DN is not correct. You can get it either like he suggested or check in the attributes of your OU:

92859-image.png



(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Best regards,
Stoyan


0 Votes 0 ·
image.png (26.3 KiB)