It is the second output I want - how do I ensure returning the value (@smith.com) and not the label (emailAddress)? Is there a simple rule to force the value to be used instead of the label? What am I missing?
I don’t expect the rest of my script to be relevant, but as it is my first* and I’m not sure, its attached here. You’ll note that this is not really my work - just an adaptation of others work (borrowed this approach from u$)
foreach ($user in $group.members)
# only process users valid for my domain (should just check it ends "@smith.com")
IF (($user.emailAddress).length -gt 5)
#Is user prohibited from changing password?
if ($user.UserCannotChangePassword -eq $false)
#is user enabled?
if ($user.Enabled -eq $true)
#calculate number of days before expiry
$daysRemaining = ($user.LastPasswordSet.AddDays($MaxPwdAge) - $todaysDate).Days
#Has Password got ($maxWarningDays or less) before expiry?
if (($daysRemaining -lt 8) -And ($daysRemaining -gt 0))
$emailAddStr = $user.emailAddress
#password is old enough for warning - and has not expired
echo "FOUND ONE!! $emailAddStr password expires in $daysRemaining days"
#send nag email
# Echo EVERY user to screen for debugging
$debStr = $user.emailAddress
echo "DEBUG INFO $debStr password expires in $daysRemaining days"