<#
###=>Active Directory Account Status<=###
# Enabled/Disabled
# Password Expired.
# Password Expiry Date
# PasswordNeverExpires
# Lockout Status
# Exist or not.
#>
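# Reports the status of one Active Directory user account: whether it exists,
# is enabled, has a non-expiring or already-expired password, and otherwise the
# computed password expiry date.
#
# Parameters:
#   SamId - sAMAccountName of the account to look up (mandatory, non-empty).
# Output:
#   A one-line status message; for an enabled account with a future expiry, also a
#   separator line and an object holding SamAccountName, ExpiryDate,
#   UserPrincipalName, Enabled, LockedOut and DistinguishedName.
param
(
    [Parameter(Mandatory = $true)][ValidateNotNullOrEmpty()]
    [String] $SamId
)

# Fail loudly. With 'SilentlyContinue' a failed lookup (module not loaded, DC
# unreachable, access denied) left the status variables $null, and the old
# '-ne $false' test then reported "password will never expire" for an account
# that was never actually read.
$ErrorActionPreference = 'Stop'

# Escape the RFC 4515 filter metacharacters so the supplied name is matched
# literally and cannot change the shape of the LDAP filter. The backslash must
# be escaped first, otherwise the escapes added afterwards would be re-escaped.
$EscapedSamId = $SamId.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

# One query replaces the previous four round trips, so every decision below is
# made on the same snapshot of the account. -LDAPFilter returns nothing (rather
# than raising an error) when no account matches.
$User = Get-ADUser -LDAPFilter "(sAMAccountName=$EscapedSamId)" -Properties 'PasswordExpired', 'PasswordNeverExpires', 'LockedOut', 'msDS-UserPasswordExpiryTimeComputed', 'UserPrincipalName'

if ($null -eq $User) {
    Write-Output "$SamId does not exist in $env:USERDNSDOMAIN Domain"
}
elseif ($null -eq $User.PasswordNeverExpires -or $null -eq $User.Enabled -or $null -eq $User.PasswordExpired) {
    # An unreadable attribute is "unknown", not a status; do not guess.
    Write-Warning "$SamId was found, but its account status attributes could not be read."
}
elseif ($User.PasswordNeverExpires) {
    Write-Output "$SamId password will never expire."
}
elseif (-not $User.Enabled) {
    Write-Output "$SamId is in Disabled state"
}
elseif ($User.PasswordExpired) {
    Write-Output "$SamId password is already expired!"
}
else {
    $RawExpiry = $User.'msDS-UserPasswordExpiryTimeComputed'

    # 0 and Int64.MaxValue are sentinel values, not timestamps:
    # FromFileTime(0) yields a date in 1601 and FromFileTime(Int64.MaxValue)
    # throws, which previously surfaced as a blank expiry date.
    if ($null -eq $RawExpiry -or $RawExpiry -le 0 -or $RawExpiry -eq [Int64]::MaxValue) {
        Write-Output "$SamId has no computed password expiry date (no maximum password age applies)."
    }
    else {
        $GetUserObj = $User |
            Select-Object -Property 'SamAccountName', @{Name = 'ExpiryDate'; Expression = { [datetime]::FromFileTime($_.'msDS-UserPasswordExpiryTimeComputed') } }, 'UserPrincipalName', 'Enabled', 'LockedOut', 'DistinguishedName'
        Write-Output "$SamId password will be expired on: $($GetUserObj.ExpiryDate)"
        Write-Output "<=====================>"
        Write-Output $GetUserObj
    }
}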