Poniżej gotowiec wyciągnięty z mojego starego skryptu PS do wyszukiwania kont ze starymi hasłami.
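# Report enabled accounts under OU=EXTERNAL_USERS whose password was last set more than
# five months ago. Uses Get-ADUser, so the ActiveDirectory module must be available.
# Output: a semicolon-delimited UTF-8 CSV in the current user's Documents folder.

$LdapSearchBase = "DC=moja,DC=firma,DC=pl"

# Enabled accounts only: matching rule 1.2.840.113556.1.4.803 is a bitwise AND and bit 2 of
# userAccountControl is ACCOUNTDISABLE, so the negation keeps accounts without that bit set.
$ldapFilter = "(&(objectClass=user)(objectClass=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

# Properties requested from AD; the same list defines the CSV columns and their order.
$PropertyList = @(
    "sAMAccountName", "givenName", "sn", "mail", "canonicalName", "telephoneNumber",
    "mobile", "title", "department", "company", "office", "l",
    "PasswordLastSet", "passwordNeverExpires", "LastLogonDate", "whenChanged",
    "BadLogonCount", "LastBadPasswordAttempt"
)

# Containers meant to be excluded from the check.
# NOTE(review): nothing below reads this list; the only DN condition in this excerpt is the
# OU=EXTERNAL_USERS match in the Where-Object filter.
$ServiceContainersArray = "OU=Other,DC=moja,DC=firma,DC=pl", "OU=Service,DC=moja,DC=firma,DC=pl"

# Fetches every enabled user below $LdapSearchBase with all listed properties; the OU and
# password-age conditions are applied client-side in the pipeline further down.
Write-Host "pobieranie danych z domeny"
$objectCollection = Get-ADUser -SearchBase $LdapSearchBase -LDAPFilter $ldapFilter -Properties $PropertyList

Write-Host "lista kont domenowych ze starymi hasłami"

# Build an absolute output path instead of changing the working directory, so the session's
# current location is left as it was.
$TimeStamp = Get-Date -Format "yyyyMMddHHmm"
$DocumentsDir = Join-Path $env:USERPROFILE "Documents"
$OutputCSV = Join-Path $DocumentsDir ("Users_OldPass_ext_" + $TimeStamp + ".csv")

# Compute the threshold once so every account is compared against the same instant.
$PasswordCutoff = (Get-Date).AddMonths(-5)
$ExternalUsersPattern = "*OU=EXTERNAL_USERS,DC=moja,DC=firma,DC=pl"

# NOTE(review): an account whose PasswordLastSet is empty appears to satisfy -lt as well
# ($null compares as lower) - confirm such accounts are wanted in the report.
# The CSV holds contact data plus password-age and failed-logon fields per account and is
# written into the user profile; handle it as sensitive and remove it after the review.
$objectCollection |
    Where-Object { ($_.PasswordLastSet -lt $PasswordCutoff) -and ($_.DistinguishedName -like $ExternalUsersPattern) } |
    Select-Object -Property $PropertyList |
    Export-Csv -Delimiter ";" -Path $OutputCSV -Encoding UTF8 -NoTypeInformation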
--
Pawel