
@Hectormalvarez
Created April 3, 2024 14:30
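function Get-ADAccountInformation {
    <#
    .SYNOPSIS
    Retrieves detailed Active Directory account information for a specified user.
    .DESCRIPTION
    This function provides the following information about an AD user:
    * Enabled status
    * Lockout status
    * Lockout time (if a lockout time is recorded, both local and UTC)
    * Whether the lockout occurred after the last password change (if a lockout time is recorded)
    * Password status (expired, expiration date, or time since expiration)
    * Password last set date and time (if a lockout time is recorded)
    * Account expiration status
    * Account expiration date and time (if the account has expired, both local and UTC)
    The function finds users by their TMID (employee ID). A TMID containing
    'adm' or 'aad' is looked up as a SamAccountName instead.

    The identifier is escaped per RFC 4515 before it is placed in the LDAP
    filter, so characters such as '*', '(' and ')' are matched literally and
    cannot widen or rewrite the query.
    .PARAMETER TMID
    The user's TMID (employee ID), or the SamAccountName for adm/aad accounts.
    .PARAMETER MaxPasswordAgeDays
    Maximum password age, in days, used to compute the password expiry date.
    Defaults to 90. This value is not read from the domain or from any
    fine-grained password policy; pass the value that applies to the account.
    .OUTPUTS
    One PSCustomObject per matching account. Nothing is emitted, and a
    non-terminating error is written, when no account matches.
    .EXAMPLE
    Get-ADAccountInformation -TMID adm.t1.2340508
    .EXAMPLE
    Get-ADAccountInformation -TMID 123456
    .EXAMPLE
    # Scenario 1: Active account, password not expired
    Get-ADAccountInformation -TMID jsmith | Format-List
    Name : Jane Smith
    Enabled : True
    AccountExpired : False
    LockedOut : False
    PasswordExpired : False
    PasswordExpires : 6/3/2024 4:50:00 PM
    .EXAMPLE
    # Scenario 2: Account locked out, password expired
    Get-ADAccountInformation -TMID bbrown | Format-List
    Name : Bob Brown
    Enabled : True
    AccountExpired : False
    PasswordLastSet : 1/2/2024 5:04:35 PM
    LockedOut : True
    LockoutTime : 4/3/2024 9:21:15 AM
    LockoutTimeUTC : 4/3/2024 2:21:15 PM
    LockedAfterPasswordSet : True
    PasswordExpired : True
    PasswordExpiredSince : 4/2/2024 5:04:35 PM
    .EXAMPLE
    # Scenario 3: Expired account
    Get-ADAccountInformation -TMID ajones | Format-List
    Name : Alex Jones
    Enabled : True
    AccountExpired : True
    AccountExpirationDate : 3/28/2024 9:31:00 AM
    AccountExpirationDateUTC : 3/28/2024 2:31:00 PM
    PasswordLastSet : 1/29/2024 11:15:22 PM
    PasswordExpired : False
    LockedOut : False
    .EXAMPLE
    # Scenario 4: Active account, locked out, password not expired
    Get-ADAccountInformation -TMID cjohnson | Format-List
    Name : Chris Johnson
    Enabled : True
    AccountExpired : False
    PasswordLastSet : 3/22/2024 2:45:39 PM
    PasswordExpired : False
    LockedOut : True
    LockoutTime : 4/3/2024 10:55:01 AM
    LockoutTimeUTC : 4/3/2024 3:55:01 PM
    LockedAfterPasswordSet : True
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string] $TMID,

        [int] $MaxPasswordAgeDays = 90
    )

    # Escape LDAP filter metacharacters (RFC 4515). The backslash must be
    # replaced first so the escapes added afterwards are not escaped again.
    # Without this, a value containing a quote, '*' or parentheses changes the
    # meaning of the query instead of being matched as data.
    $escapedId = $TMID.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

    # NOTE(review): the pattern is unanchored, so any identifier that merely
    # contains 'adm' or 'aad' is treated as a SamAccountName - confirm whether
    # a prefix match was intended.
    if ($TMID -match 'adm|aad') {
        $ldapFilter = "(sAMAccountName=$escapedId)"
    }
    else {
        $ldapFilter = "(employeeID=$escapedId)"
    }

    # Request only the attributes that are read below. Both lookup paths need
    # them: Get-ADUser's default property set does not include the lockout,
    # password or expiration fields, so the adm/aad path previously returned
    # them empty. Asking for '*' would pull every readable attribute.
    $properties = 'AccountExpirationDate', 'LockedOut', 'lockoutTime', 'PasswordExpired', 'PasswordLastSet'
    $users = @(Get-ADUser -LDAPFilter $ldapFilter -Properties $properties)

    if ($users.Count -eq 0) {
        # Report the miss explicitly rather than emitting an object of nulls,
        # which reads like a real account with nothing wrong.
        Write-Error -Message "No Active Directory user found for TMID '$TMID'." -Category ObjectNotFound
        return
    }

    $now = Get-Date

    # employeeID is not guaranteed to be unique, so report every match.
    foreach ($user in $users) {
        $passwordLastSet = $user.PasswordLastSet
        $expiresOn = $user.AccountExpirationDate

        # An expiration date in the future means the account is still valid;
        # only a date at or before now counts as expired. This is a boolean so
        # that 'if ($result.AccountExpired)' behaves correctly (the string
        # 'False' is truthy in PowerShell).
        $accountExpired = ($null -ne $expiresOn) -and ($expiresOn -le $now)

        # Build the result as an ordered hashtable: properties cannot be added
        # to a PSCustomObject by assignment or with '+=' after it is created.
        $info = [ordered]@{
            Name            = $user.Name
            Enabled         = $user.Enabled
            AccountExpired  = $accountExpired
            LockedOut       = $user.LockedOut
            PasswordExpired = $user.PasswordExpired
        }

        # PasswordLastSet is empty when the password must be changed at next
        # logon; no expiry date can be computed in that case.
        if ($null -ne $passwordLastSet) {
            # NOTE(review): accounts flagged "password never expires" still get
            # a computed date here - confirm how callers want those reported.
            $passwordDeadline = $passwordLastSet.AddDays($MaxPasswordAgeDays)
            if ($user.PasswordExpired) {
                $info['PasswordExpiredSince'] = $passwordDeadline
            }
            else {
                $info['PasswordExpires'] = $passwordDeadline
            }
        }

        if ($user.lockoutTime) {
            # lockoutTime is a Windows FILETIME (100 ns ticks since 1601 UTC).
            # Passing it to Get-Date would read it as .NET ticks since year 1.
            $lockoutUtc = [DateTime]::FromFileTimeUtc([long] $user.lockoutTime)
            $lockoutLocal = $lockoutUtc.ToLocalTime()

            $info['PasswordLastSet'] = $passwordLastSet
            $info['LockoutTime'] = $lockoutLocal
            $info['LockoutTimeUTC'] = $lockoutUtc
            # DateTime comparison ignores the Kind, so compare local with local.
            # assumes PasswordLastSet is returned in local time - TODO confirm
            $info['LockedAfterPasswordSet'] = ($null -ne $passwordLastSet) -and ($lockoutLocal -gt $passwordLastSet)
        }

        if ($accountExpired) {
            # assumes AccountExpirationDate is returned in local time - TODO confirm
            $info['AccountExpirationDate'] = $expiresOn
            $info['AccountExpirationDateUTC'] = $expiresOn.ToUniversalTime()
        }

        Write-Output ([PSCustomObject] $info)
    }
}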