We are utilizing some extended attributes on computer objects to monitor/report on membership of a security group to exclude them from a security policy. I am trying to write a report up to send a weekly email highlighting which ones will be expiring soon, but I can’t even get off the ground here.
The date/time is not reporting correctly at all when I Write-Host within the if’s comparison operator, so either my logic is incorrect, or I’m simply going about this the wrong way.
08/14/2015 08:06:09 is less than 08/20/2015 09:16:05 COMP1 Expiring Soon! 02/07/2016 21:17:49 is less than 08/20/2015 09:16:05 COMP2 Expiring Soon! 09/11/2015 08:22:16 is greater than 08/20/2015 09:16:05 COMP3 not expiring soon 09/10/2015 14:53:52 is greater than 08/20/2015 09:16:05 COMP4 not expiring soon 02/07/2016 20:38:41 is less than 08/20/2015 09:16:05 COMP5 Expiring Soon! 08/18/2015 14:53:07 is less than 08/20/2015 09:16:05 COMP6 Expiring Soon!
Import-Module ActiveDirectory $expiresSoon = (Get-Date).AddDays(7) $computers = Get-ADGroupMember "TestGroup" | select -expandproperty name foreach ($computer in $computers) { $computerInfo = Get-ADComputer $computer -properties type, info, comment, wbempath, title, name, samaccountname $computerComment = $computerInfo | select -ExpandProperty comment if ($computerInfo.comment -lt $expiresSoon) { Write-Host "$computercomment is less than $expiresSoon" Write-Host "$computer Expiring Soon!" -foregroundcolor yellow } else { Write-Host "$computercomment is greater than $expiresSoon" Write-Host "$computer not expiring soon" -ForegroundColor Green } }
The Set-ADComputer comment attribute I’m specifically referencing here is part of another script. That command is:
$expirationDate = $date.AddDays($exclusionDuration) #exclusionDuration is an integer Set-ADComputer $computerName -Add @{ Comment = "$expirationDate"}