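# Report enabled Active Directory users whose password has not been changed
# in more than $daysThreshold days. Relies on Get-ADUser from the
# ActiveDirectory module and on read access to the queried accounts.

# Set the number of days to check for unchanged passwords
$daysThreshold = 1000

# Prompt the user to select an Organizational Unit (OU)
$selectedOU = Read-Host "Enter the DistinguishedName of an OU (EX: OU=SUBNAME,OU=Name,DC=DOMAIN,DC=LOCAL). Leave blank to search the entire domain."

# Get the current date
$currentDate = Get-Date

# Calculate the date X days ago
$thresholdDate = $currentDate.AddDays(-$daysThreshold)

# Get users from Active Directory. The query is built once; -SearchBase is
# added only when an OU was supplied, so the two cases cannot drift apart.
$adParams = @{
    Filter     = '*'
    Properties = 'PasswordLastSet', 'Enabled', 'DisplayName', 'CannotChangePassword'
}

# A whitespace-only answer is treated as blank (whole-domain search) rather
# than being passed to -SearchBase, where it would make the query fail.
if (-not [string]::IsNullOrWhiteSpace($selectedOU)) {
    $adParams['SearchBase'] = $selectedOU.Trim()
}

$users = Get-ADUser @adParams

# Iterate through each user and check if their password has not been changed
# in X days. The loop output is collected directly instead of growing the
# array with +=, which copies the whole array on every append.
$results = @(
    foreach ($user in $users) {
        # Disabled accounts are out of scope for this report
        if ($user.Enabled -ne $true) {
            continue
        }

        $passwordLastSet = $user.PasswordLastSet

        # If PasswordLastSet is null or empty, skip the user.
        # NOTE(review): an empty value typically means no password-set time is
        # recorded (for example, "must change password at next logon"). Those
        # accounts never appear in this report and should be reviewed separately.
        if (-not $passwordLastSet) {
            continue
        }

        # Compare the last password change date with the threshold date
        if ($passwordLastSet -lt $thresholdDate) {
            [PSCustomObject]@{
                DisplayName       = $user.DisplayName
                SAMAccountName    = $user.SamAccountName
                LastPasswordSet   = $passwordLastSet
                CanChangePassword = -not $user.CannotChangePassword
            }
        }
    }
)

# Output the results in a table format, oldest password first.
# Format-Table is for display only; pipe $results elsewhere to export.
$results | Sort-Object LastPasswordSet | Format-Table -AutoSize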