Hi,
I have a query in below powershell script. My intention is to collect Active Directory user account details whose password is been changed past 7 days and also to confirm whether the account is enabled or disabled. From below script I am able to get the account status, but not able to collect the users details who have changed the password in past 7 days.
Can anyone please help me to correct this ?
param (
$PwdAge = 7
)
$PwdDate = (Get-Date).AddDays(-$PwdAge).ToFileTime()
(New-Object DirectoryServices.DirectorySearcher -Property @{
Filter = "(&(objectclass=user)(objectcategory=person)(pwdlastset<=$PwdDate))"
PageSize = 500
}).FindAll() | ForEach-Object {
New-Object -TypeName PSCustomObject -Property @{
samaccountname = [ADSI]'LDAP://cn=users,dc=oradev,dc=oracleorp,dc=com'
pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
enabled = -not [boolean]([int64]($_.properties.useraccountcontrol -join '') -band 2)
}
}
