forked from jrussellfreelance/powershell-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
AD-passwords-expiring-csv.ps1
28 lines (28 loc) · 1.14 KB
/
AD-passwords-expiring-csv.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# This script exports a csv with passwords expiring that week
# Declare expiring soon group variable
Import-Module ActiveDirectory
$expiring = @()
# Grab AD Users that are enabled, and select the properties we need
$users = Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false} -Properties "DisplayName", "mail", "PasswordLastSet"
# Get max password age
$max = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
# Loop through every user
foreach ($user in $users) {
# Get the current date
$now = Get-Date
# Create normal date out of msDS-UserPwasswordExpiryTimeComputed property
$expiredate = $user.PasswordLastSet.AddDays($max)
# Create a timespan from the expire date and today's date
$diff = New-TimeSpan $now $expiredate
# If the timespan is less than seven and greater than zero, add the user to the expiring list.
if ($diff.Days -le 7 -and $diff.Days -ge 0) {
$entry = [PSCustomObject]@{
Name = $user.DisplayName
Email = $user.mail
ExpireDate = $expiredate
}
$expiring += $entry
}
}
# Export the list of expiring passwords to a csv
$expiring | Export-Csv -Path "$PSScriptRoot\expiring_soon.csv" -NoTypeInformation