|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
10-13-2008
| #1 (permalink) |
| | Determine computer objects password days Is there a way to determine the AD computer object password days ? Eg i wish to extract machines that password was not changed for more than 180 days, etc I think if computer is offline for *too long*, and if it is bring up to the domain again, the machine may need to rejoin domain. What functions are there in powershell to determine this ? |
My System Specs |
|
10-13-2008
| #2 (permalink) |
| | Re: Determine computer objects password days On Oct 13, 1:48*am, "IT Staff" <jkk...@xxxxxx> wrote: Quote: > Is there a way to determine the AD computer object password days ? Eg i wish > to extract machines that password was not changed for more than 180 days, > etc > > I think if computer is offline for *too long*, and if it is bring up to the > domain again, the machine may need to rejoin domain. > > What functions are there in powershell to determine this ? lastLogonTimeStamp property of its object in AD, which will be mostly accurate (replicates slowly). There's also an attribute called pwdLastSet for the date that the password was last set. All computers are users, so the same attributes apply when it comes to passwords. |
| My System Specs |
|
10-13-2008
| #3 (permalink) |
| | Re: Determine computer objects password days On Oct 13, 2:19*am, tojo2000 <tojo2...@xxxxxx> wrote: Quote: > On Oct 13, 1:48*am, "IT Staff" <jkk...@xxxxxx> wrote: Quote: > There's also an attribute called pwdLastSet for the date that the > password was last set. *All computers are users, so the same > attributes apply when it comes to passwords. Management shell cmdlets. This will get computer accounts that haven't changed their passwords in x days and move them to a pending delete OU. Also, you can make a goodlist so if some machines should not be deleted you don't have to skip them every time. #Where to look $searchroot = 'yourdomain.com/Computers' #get the good list into an array import-csv "move-over90days_goodlist.txt"|%{[array]$good += $_.name} $pendingdelete = "OU=PendingDelete,DC=yourdomain,DC=com" $old = (Get-Date).AddDays(-90) $logfile = "PendingDeleteLog.csv" $date = Get-Date # get the list of computers with the date earlier than this date $computers = Get-QADComputer -SearchRoot $searchroot - IncludedProperties pwdLastSet -SizeLimit 0 | where { $_.pwdLastSet -le $old } $computers |ft name, description, pwdLastSet write-host Found: $computers.count $computers| % { if ($good -notcontains $_.name) { if ((Read-Host Name: $_.name Description: $_.description LastChange: $_.pwdLastSet) -eq "y") { $ou = $_.ou $lastLogon = $_.pwdlastset $name = $_.name $out = "$name, $ou, $lastlogon, $date" Out-File -FilePath $logfile -Append -NoClobber -InputObject $out $a = Get-QADComputer $_.name|set-qadobject -ObjectAttributes @{userAccountControl=514}|Move-QADObject -to $pendingdelete Write-Host Disabled and moved $_.name Write-Host " " } } } |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| script to determine password expire date and send email notificati | PowerShell | |||
| Log On Password Expires in X days | Vista security | |||
| Password Expires in 60 days | Vista General | |||
| could not determine if this computer contains a valid system volum | Vista installation & setup | |||
| Setup cannot determine if this computer supports installation | Vista installation & setup | |||
