ADUserOldPW.ps1

<#PSScriptInfo
.SYNOPSIS
AD Accounts with passwords over 1-year old
 
.DESCRIPTION
Use this script to gather enabled Active Directory Accounts with passwords over 1-year old
 
.VERSION
1.0.2
 
.AUTHOR
gaseceh
 
.PROJECTURI
https://github.com/gaseceh
 
.GUID
0d13314a-cd11-49b7-9956-012300fb026a
 
.TAGS
 Active Directory, ActiveDirectory, AD, old password, aduser
 
.NOTES
Run this command as admin
You must have the Active Directory PowerShell module installed
You must be connected to a domain within the network that you are scanning
 
.CHANGELOG
1.0.2 Restricted to enabled accounts
#>





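# Audit helper: lists enabled accounts whose password was last set more than
# 365 days ago, for every domain in the current forest.

# Every domain in the forest is audited in turn.
$domains = (Get-ADForest).Domains

# Cut-off date: a PasswordLastSet value earlier than this is more than 365 days old.
$pw_over_365 = (Get-Date).AddDays(-365)

# Results from all domains are appended to one report on the current user's desktop.
# The report names accounts with stale passwords, so keep it somewhere
# access-controlled and delete it once the findings have been handled.
$report_path = Join-Path $HOME 'desktop\AD_PW_Old.txt'

foreach ($domain in $domains) {
    # -Server points the query at the domain being iterated. Without it every
    # pass queries the session's default domain, so the report would hold the
    # same accounts once per domain and the other domains would never be checked.
    #
    # The Enabled test is part of the -Filter so it is evaluated by the directory
    # instead of client-side, and only PasswordLastSet is requested in addition
    # to the default properties (SamAccountName and Enabled are returned by default).
    #
    # NOTE(review): confirm how accounts with no PasswordLastSet value (password
    # never set / must change at next logon) are treated by this filter; they may
    # need a separate review.
    # The output columns are unchanged and do not identify the source domain.
    Get-ADUser -Server $domain -Filter 'PasswordLastSet -lt $pw_over_365 -and Enabled -eq $true' -Properties PasswordLastSet |
        Select-Object SamAccountName, PasswordLastSet, Enabled |
        Out-File -Append -FilePath $report_path
}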