Powershell check pwdLastSet and set on "0" for an special OU
Hello,
I'm trying to check the date for the pwdLastSet and to force a new password
but unfortunately I get all users (incl. service account)
i wanted to filter on a database, for example
but it won't work :/
Could someone please help me
I'm trying to check the date for the pwdLastSet and to force a new password
Get-ADUser -LDAPFilter '(&(objectCategory=Person)(objectClass=User)(samAccountType:1.2.840.113556.1.4.803:=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(!(pwdLastSet>=133014796660000000)))'
but unfortunately I get all users (incl. service account)
i wanted to filter on a database, for example
get-aduser -Filter * -SearchBase "OU=Vertrieb,dc=domain,dc=de"
but it won't work :/
$users = get-aduser -Filter * -SearchBase "OU=Vertrieb,dc=domain,dc=de" | %{set-aduser $_ -Replace @{pwdLastSet=0}; set-aduser $_ -PasswordNeverExpires $false ; write-host "Attribut for '$($_.SamAccountName)' reset"}
Could someone please help me
Please also mark the comments that contributed to the solution of the article
Content-ID: 3348715536
Url: https://administrator.de/contentid/3348715536
Printed on: November 4, 2024 at 13:11 o'clock
3 Comments
Latest comment
Hi
Regards @colinardo
Get-AdUser -Filter * -SearchBase "OU=Vertrieb,dc=domain,dc=de" -Properties PasswordLastSet | ?{$_.Enabled -and $_.PasswordLastSet -lt (get-date).AddDays(-60) -and $_.PasswordLastSet -ne $null} | Set-ADUser -ChangePasswordAtLogon $true -verbose