Powershell check pwdLastSet and set on "0" for an special OU

Hello,

I'm trying to check the date for the pwdLastSet and to force a new password

Get-ADUser -LDAPFilter '(&(objectCategory=Person)(objectClass=User)(samAccountType:1.2.840.113556.1.4.803:=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(!(pwdLastSet>=133014796660000000)))'  

but unfortunately I get all users (incl. service account)
i wanted to filter on a database, for example

get-aduser -Filter * -SearchBase "OU=Vertrieb,dc=domain,dc=de"

but it won't work :/

$users = get-aduser -Filter * -SearchBase "OU=Vertrieb,dc=domain,dc=de" | %{set-aduser $_ -Replace @{pwdLastSet=0}; set-aduser $_ -PasswordNeverExpires $false ; write-host "Attribut for '$($_.SamAccountName)' reset"}  

Could someone please help me

Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben

Content-Key: 3348715536

Url: https://administrator.de/contentid/3348715536

Ausgedruckt am: 11.05.2024 um 02:05 Uhr

3 Kommentare

Neuester Kommentar

Get-AdUser -Filter * -SearchBase "OU=Vertrieb,dc=domain,dc=de" -Properties PasswordLastSet | ?{$_.Enabled -and $_.PasswordLastSet -lt (get-date).AddDays(-60) -and $_.PasswordLastSet -ne $null} | Set-ADUser -ChangePasswordAtLogon $true -verbose  