Query for AD Users that have not changed password for x-days

This script will return the samaccountname, pwdlastset and if an account is currently enabled or disabled. This script is part of the Active Directory Friday section of my blog.

 
 
 
 
 
4.8 Star
(4)
8,271 times
Add to favorites
Active Directory
11/2/2016
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Run the script against a security group?
    1 Posts | Last post September 17, 2018
    • How can I modify the script to where I can run it against a security group instead of pulling users out of a particular OU?
      
      -W
  • Specifying an OU
    2 Posts | Last post November 02, 2016
    • I take it you can specify an OU to run this against? 
      
      Would it be the same method as "-SearchBase"? 
      
      Regards, 
      
      Dan 
    • Hello dkvista,
      
      I have updated the script to support the use of the -SearchBase parameter, you can use it to specify a LDAP path for an OU to limit the search to that OU. Here is an example of how to use it:
      
      .\Get-UnchangedPwdLastSet.ps1 -PwdAge 180 -SearchBase 'LDAP://OU=Business,DC=jaapbrasser,DC=com'
      
      Let me know if this is what you were looking for.
      
      
      Regards,
      
      Jaap Brasser
  • Shouldn't $PwdAge be negative?
    3 Posts | Last post August 16, 2016
    • A negative number of days should be added to today's date to get a date in the past.
    • That is correct, I also noticed that there was currently still a size limit on the number of results so I have also removed that.
      
      Thanks for taking the time to review my code Richard, I appreciate the feedback!
    • Hi Japp,
      
      Is it possible to find details as below after few modification in the script or is there any other script which you have?
      UseID  FirstName  lastName   Active Status Locked Status   LastLoginDate   CreateDate
  • AD Password reset report
    2 Posts | Last post March 16, 2015
    • Hi,
      I need a script to find out all the users of ad who have reset their password in 90 days.
      please send me in my email id  triyambaksinghjk@gmail.com
    • Then this script might be for you, did you try the script and did it give you the desired results?