Hello,
I’m a noob when it comes to Powershell, and I have a big issue with creating a script, that would get Active Directory accounts that have passed their expiration date, but were not put to disabled state automatically.
The main issue is that I don’t know what kind of parameter should I use to get a result of “account expires before today”.
I went through lots of forums and Microsoft support pages, but I was unable to figure out how to do this. This is the code I’ve created but it need it to be more specific, so it shows all the Active accounts that have an Expiry Date before today so I don’t have to update the date every day.
Search-ADAccount -UsersOnly -AccountInactive |Where-Object { $_.Enabled -eq $true}
I have tried to use the Get-Date but I failed to figure out what would be the “before” factor in this.
All help will be really appreciated!
Install-Module AZSBTools -Force -AllowClobber
$UserList = Get-SBADUser
$EnabledExpiredUsers = $UserList | where { $_.dateexpires -ge [DateTime]'1/1/1700' -and
$_.dateexpires -le (Get-date) -and
$_.useraccountcontrol -notmatch 'Disabled' }
$EnabledExpiredUsers
As for …
'I'm a noob when it comes to Powershell'
How new?
What training have you tried / searched for?
There are plenty of free training resources to leverage as well as tools provided from MS that will write the base line code for you that you can later tweak as needed.
Examples:
Introduction to Active Directory Administrative Center Enhancements (Level 100)
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-
Learning PowerShell with Active Directory Administrative Center (PowerShell History Viewer)
Step-By-Step: Utilizing PowerShell History Viewer in Windows Server 2012 R2
Use Active Directory Administrative Center to Create PowerShell Commands in Windows Server 2012
https://www.petri.com/use-active-directory-administrative-center-create-powershell-commands
You use the PowerShell help files to look at all available properties give you and select and compare from there ir use Get-Member against one object.
So, playing with stuff like…
Clear-Host
# Select only the first user and show all properties. methods, etc.
(Search-ADAccount -UsersOnly -AccountInactive |
Where-Object { $_.Enabled -eq $true})[0] |
Get-Member
Clear-Host
# Select All users and only the needed properties
Search-ADAccount -UsersOnly -AccountInactive |
Where-Object { $_.Enabled -eq $true} |
Select-Object -Property SamAccountName, Enabled, AccountExpirationDate
Clear-Host
# Select All users and only the needed properties where AccountExpirationDate
Search-ADAccount -UsersOnly -AccountInactive |
Select-Object -Property SamAccountName, Enabled, AccountExpirationDate |
Where-Object { $PSItem.Enabled -eq $true -And $PSItem.AccountExpirationDate -lt (Get-Date) }
Other resources
See also posts here for other resource suggestions here:
Learning this stuff.
https://www.reddit.com/r/PowerShell/comments/bserj9/learn_powershell/eooduq9/?context=3
https://www.reddit.com/r/PowerShell/comments/bserj9/learn_powershell/eoodxzu/?context=3
Best Practices
https://www.reddit.com/user/get-postanote
Passwords
https://www.reddit.com/r/PowerShell/comments/bv7ywa/whats_the_best_practice_for_passwords_in_ps/epoux2c/?context=3
https://www.reddit.com/r/PowerShell/comments/c5qbjb/how_to_store_password_in_powershell_file/
Practice with PSKoans
PSKoans : 0.50.0
A module designed to provide a crash-course introduction to PowerShell with programming koans.
PowerShell Gallery | PSKoans 0.50.0