This probably sounds weird, but because of the AD structure I inherited I need to do a Powershell search that covers the entire AD apart from 1 OU, or excludes specific users (accounts with a numeric value as the sAMAccountName).
I am using the following code to search for the last password reset,
get-aduser -filter * -properties PasswordLastSet | ft sAMAccountName,PasswordLastSet | Export-CSV c:\temp\PasswordSetDate.csv
but we have a huge number of student accounts that can lay dormant for extended times, when the student signs up for another class they still need access to their old data so the accounts have to be retained for a long time. I do not want these accounts cluttering up my output file, but this search pulls all AD accounts, including the 50000+ student accounts currently "live" in the directory.
First question is can I exclude the student accounts (they are in a dedicated OU) by excluding the OU or can I exclude accounts where the sAMAccountName is numeric (regular accounts are alpha or alphanumeric).
Second question is why the csv contains nothing but hexadecimal output? If I output to screen I get names and dates listed, if I output to a text file I get the same, easier to read but in no order. If I try to add a sort, as below
get-aduser -filter * -properties PasswordLastSet | sort PasswordLastSet | ft sAMAccountName,PasswordLastSet | Export-csv c:\temp\PasswordSetDate.txt
Powershell locks up and no file is created.
What am I missing?
The reason for doing this is we recently implemented a new password policy, but until users reset their password it does not take effect. The new policy was to strengthen password to allow us to migrate to Exchange 2013. A number of users have lost access to shared/service accounts because they have not been reset and, rather than waiting to see what else breaks when accounts move I want to get this list of when passwords were reset. I know there are easier ways to do this, but I want to understand how to do it via Powershell.