Query Active Directory for number of users with expired or expiring (in next 30 days) passwords
<#
Name of the script: ADPwdExpired.ps1
Author of the script: Jason Hamilton, www.404TechSupport.com
Version of the script: 0.1
Description: Query Active Directory for number of users with expired or expiring (in next 30 days) passwords
Version of PowerShell required: 3.0
If Elevated permissions required: No, but read access to AD is required.
If specific modules are required: No.
Ideas for future improvement:
Known errors:
#>
# Function description: Queries AD and calculates the numbers.
# Parameters: Name of the group and Distinguished Name of the OU for the SearchBase in the AD query
# Returns: Writes the queried and calculated numbers to the host
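function query($name, $sb) {
    <#
    .SYNOPSIS
        Reports how many enabled users under an OU have an expired password or one
        that expires within the next 30 days.
    .DESCRIPTION
        Runs Get-ADUser (provided by the ActiveDirectory module) against the given
        search base, restricted to enabled accounts whose password is allowed to
        expire, and prints three figures with Write-Host: the total number of such
        accounts, the number and percentage with an expired password, and the number
        whose password expires in the next 30 days.
    .PARAMETER name
        Display label used in the console output (for example the group name).
    .PARAMETER sb
        Distinguished name of the OU passed to Get-ADUser as -SearchBase.
    .OUTPUTS
        None. The figures are written to the host only.
    #>
    Write-Host "Querying $name..."

    # Enabled accounts that are subject to password expiration.
    # @() forces an array so .Count is dependable when zero or one account matches.
    $ADQuery = @(
        Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
                   -SearchBase $sb `
                   -Properties Name, PasswordExpired, PasswordLastSet, 'msDS-UserPasswordExpiryTimeComputed' |
            Select-Object Name, Enabled, PasswordExpired, PasswordLastSet, @{
                Name       = 'PwdExpireDate'
                Expression = {
                    # 0 and [Int64]::MaxValue are sentinel values rather than timestamps;
                    # leave the date empty for them instead of converting a meaningless
                    # number (the original relied on the conversion result for these).
                    $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
                    if ($raw -and $raw -ne [Int64]::MaxValue) {
                        [datetime]::FromFileTime($raw)
                    }
                }
            }
    )
    $total = $ADQuery.Count

    $PwdExp = @($ADQuery | Where-Object { $_.PasswordExpired -eq $True })
    $expiredCount = $PwdExp.Count

    # An empty OU (or a search base with no matching accounts) would otherwise
    # raise "Attempted to divide by zero".
    if ($total -gt 0) {
        $Pct = ($expiredCount / $total) * 100.00
    }
    else {
        $Pct = 0
    }
    $Pct = "{0:N2}" -f $Pct

    # Window for "expiring soon": from now until 30 days from now.
    $today = Get-Date
    $month = $today + (New-TimeSpan -Days 30)
    $Expire30 = @($ADQuery | Where-Object { $_.PwdExpireDate -ge $today -and $_.PwdExpireDate -le $month })
    $PwdExpin30 = $Expire30.Count

    Write-Host "Total " $name ": " $total
    Write-Host "$name with expired passwords: " $expiredCount " or " $Pct"%"
    Write-Host "$name whose passwords will expire in the next 30 days: " $PwdExpin30
    Write-Host " "
}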
# Start from an empty console so only the report is shown.
Clear-Host

# One entry per report: the display label and the distinguished name of the OU
# used as the search base. Add further entries here to cover more OUs.
$reportTargets = @(
    @{ Label = "PR";         SearchBase = "OU=PR,OU=Users,DC=ad,DC=domain,DC=fqdn" },
    @{ Label = "Executives"; SearchBase = "OU=Execs,OU=Users,DC=ad,DC=domain,DC=fqdn" }
)
foreach ($target in $reportTargets) {
    query $target.Label $target.SearchBase
}

# Rough equivalent of the batch "pause" command: wait for Enter and discard the input.
$null = Read-Host 'Press Enter to close...'
Exit