powershell password expiry help

Hi,

I am very new to powershell. I am trying to write scripts in order to practice and get better. Unfortunately I am terrible at this currently.

I am trying to write a script to output to the window if an AD user password was set more than or less than 100 days ago.

Currently I have the below, I am not sure whether I am completely wrong or close, any help is much appreciated and if someone could explain where I have gone wrong this would also be appreciated.

import-module activedirectory

$user = Get-ADUser -Identity “remotelabs” -Properties *

$PWLS = $user.PasswordLastSet

$date = get-date

if ($PWLS -gt $date.Day.100)
{Write-host “this needs changing”}
Elseif ($PWLS -lt $date.Day.100)
{Write-Host “This doesn’t need changing”}

thank you in advance,

You’re nearly there.

To get the date you want to compare against, i.e. the date 100 days ago, you need to use the AddDate method.

$date.AddDays(-100)

You’ve got your logic the wrong way round as well. Yesterday’s date is less than today’s date. So it should be

if ($PWLS -lt $date.AddDays(-100))
{Write-host "this needs changing"}
 Elseif ($PWLS -gt $date.AddDays(-100))
 {Write-Host "This doesn't need changing"}

If you want to accelerate your learning, I really recommend starting with PowerShell in a Month of Lunches.

Matt,

Thank you very much for replying and I’m glad I was nearly there.

I understand that you need .adddays as the property now.

I thought -lt -100 would be less than 100 days old (in the above code). But I guess I should read this as less than -100 so anything 100+(101,102) etc.

Thanks again,

Here are helpful resources for your reference.

http://www.morgantechspace.com/2015/03/powershell-get-ad-users-password-expiry-date.html

http://password-expiration-notification.blogspot.in/