{"id":170,"date":"2018-02-26T20:03:53","date_gmt":"2018-02-26T20:03:53","guid":{"rendered":"http:\/\/107.181.191.134\/?p=170"},"modified":"2018-02-26T20:03:53","modified_gmt":"2018-02-26T20:03:53","slug":"managing-adsi-users-with-powershell","status":"publish","type":"post","link":"https:\/\/certcent.io\/index.php\/2018\/02\/26\/managing-adsi-users-with-powershell\/","title":{"rendered":"Managing ADSI Users with PowerShell"},"content":{"rendered":"<p>Platform: Windows 2012<br \/>\nModule Required: activedirectory<br \/>\nHere are some quick and dirty ways to find locked out, disabled, expired, expiring, inactive, locked out, password expired, password never expires.<br \/>\n<strong> Using Get-Aduser with a little more scripting <\/strong><br \/>\nget-aduser -filter * -properties * | select-object name, @{name=&#8221;lastlogon&#8221;;expression={[datetime]::fromfiletime($_.lastlogon)}} | s<br \/>\nort-object lastlogon<br \/>\nThe rest of the examples are from Search-ADAccount get-help -examples<br \/>\n<strong>Search-ADAccount<\/strong> -parameter<br \/>\nHere are some examples from the help:<br \/>\n Gets Active Directory user, computer, or service accounts.<br \/>\n    C:\\PS>Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A<br \/>\n    Name            ObjectClass<br \/>\n    &#8212;-            &#8212;&#8212;&#8212;&#8211;<br \/>\n    Guest           user<br \/>\n    krbtgt          user<br \/>\n    krbtgt_51399    user<br \/>\n    AmyAl-LPTOP     computer<br \/>\n    DeepakAn-DSKTOP computer<br \/>\n     C:\\PS>Search-AdAccount -AccountDisabled -SearchBase &#8220;DC=AppNC&#8221; -Server &#8220;FABRIKAM-SRV1:60000&#8221;<br \/>\n    Enabled               : False<br \/>\n    Name                  : SanjayPatel<br \/>\n    UserPrincipalName     :<br \/>\n    PasswordNeverExpires  :<br \/>\n    LockedOut             : False<br \/>\n    ObjectGUID            : d671de28-6e40-42a7-b32c-63d336de296d<br \/>\n    ObjectClass           : user<br \/>\n    SID                   : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944<br \/>\n    PasswordExpired       : False<br \/>\n    LastLogonDate         :<br \/>\n    DistinguishedName     : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC<br \/>\n    AccountExpirationDate :<br \/>\n    Description<br \/>\n    &#8212;&#8212;&#8212;&#8211;<br \/>\n    Returns all users, computers and service accounts that are disabled in the LDS instance: &#8220;FABRIKAM-SRV1:60000&#8221;.<br \/>\n    C:\\PS>Search-ADAccount -AccountExpiring -DateTime &#8220;3\/18\/2009&#8221; | FT Name,ObjectClass -A<br \/>\n    Name         ObjectClass<br \/>\n    &#8212;-         &#8212;&#8212;&#8212;&#8211;<br \/>\n    Anders Riis  user<br \/>\n    Description<br \/>\n    &#8212;&#8212;&#8212;&#8211;<br \/>\n    Returns all accounts which expire on the 18th of March, 2009.<br \/>\nC:\\PS>Search-ADAccount -LockedOut | FT Name,ObjectClass -A<br \/>\n    Name           ObjectClass<br \/>\n    &#8212;-           &#8212;&#8212;&#8212;&#8211;<br \/>\n    Toni Poe       user<br \/>\n    Description<br \/>\n    &#8212;&#8212;&#8212;&#8211;<br \/>\n    Returns all accounts that have been locked out.<br \/>\nC:\\PS>Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A<br \/>\n    Name           ObjectClass<br \/>\n    &#8212;-           &#8212;&#8212;&#8212;&#8211;<br \/>\n    Guest          user<br \/>\n    Toni Poe       user<br \/>\n    Anders Riis    user<br \/>\n    Fabien Hernoux user<br \/>\n    Description<br \/>\n    &#8212;&#8212;&#8212;&#8211;<br \/>\n    Returns all accounts with a password that will never expire.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Platform: Windows 2012 Module Required: activedirectory Here are some quick and dirty ways to find locked out, disabled, expired, expiring, inactive, locked out, password expired, password never expires. Using Get-Aduser with a little more scripting get-aduser -filter * -properties * | select-object name, @{name=&#8221;lastlogon&#8221;;expression={[datetime]::fromfiletime($_.lastlogon)}} | s ort-object lastlogon The rest of the examples are from&hellip; <a class=\"more-link\" href=\"https:\/\/certcent.io\/index.php\/2018\/02\/26\/managing-adsi-users-with-powershell\/\">Continue reading <span class=\"screen-reader-text\">Managing ADSI Users with PowerShell<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/170"}],"collection":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/comments?post=170"}],"version-history":[{"count":0,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/170\/revisions"}],"wp:attachment":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/media?parent=170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/categories?post=170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/tags?post=170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}