0

我尝试从我的 DC 用户列表中提取最后一次密码更改并将此日期与当前日期进行比较。测试 6 个月前的 10 天是否通过我的测试“如果不工作,我认为有格式日期问题但我不知道。你能帮帮我吗?

$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Get-ADUser -Properties SamAccountName,Mail,PasswordLastSet | 
         Select-Object Name,SamAccountName,Mail,PasswordLastSet 

foreach ($user in $users) 
{
    if ( Get-Date.addDays(-10) -gt $($user.PasswordLastSet).AddDays(180) )
    {
        Write-Output $($user.SamAccountName) $($user.PasswordLastSet)
    }
}
4

2 回答 2

3

Get-Date.addDays(-10)是错误的,应该是(Get-Date).AddDays(-10)

我还建议通过使用来删除时间部分,(Get-Date).AddDays(-10).Date以便有效地将参考日期设置为午夜。

在这种Select-Object Name,SamAccountName,Mail,PasswordLastSet情况下是多余的。

尝试这样的事情:

$refDate = (get-Date).AddDays(-10).Date

# Get-ADGroupMember can return users, groups, and computers. 
$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Where-Object { $_.objectClass -eq 'user' } |
         Get-ADUser -Properties EmailAddress, PasswordNotRequired, PasswordLastSet

foreach ($user in $users) {
    if (!$user.PasswordNotRequired) {  # some users may not need to have a password?
        if ($refDate -gt $user.PasswordLastSet.AddDays(180)) {
            Write-Output "$($user.SamAccountName) $($user.PasswordLastSet) $($user.EmailAddress)"
        }
    }
}
于 2021-12-17T10:44:14.127 回答
0

太好了,除了错误之外它可以工作,但我认为这是因为 user.passewordLastSet

$refDate = (Get-Date).AddDays(-10).Date

$users = Get-ADGroupMember -Identity "GROUP" -Recursive | 
         Get-ADUser -Properties EmailAddress, PasswordNotRequired, PasswordLastSet


foreach ($user in $users) {
    if (!$user.PasswordNotRequired) {  # some users may not need to have a password?
         if ($user.PasswordLastSet) {
            if ($refDate -gt $user.PasswordLastSet.AddDays(180)) {
                Write-Output "$($user.SamAccountName) $($user.PasswordLastSet) $($user.EmailAddress)"
            }
        }
    }
}
于 2021-12-17T15:25:19.130 回答