We Keep Coding

Password change notification problem exclude OU powershell

We are using a good script that we would like to extend to search for users everywhere except one OU. How can I do this?
Thanks in advance for your help!
PasswordChangeNotification
How to instert this code?
Get-ADOrganizationalUnit -filter * -SearchBase 'OU=test,DC=test,DC=com' | foreach {
if($_.distinguishedname -ne "OU=not,OU=that,OU=orgUnit,OU=test,DC=test,DC=com"){
$users=Get-ADUser -filter * -searchbase $_.distinguishedname -ResultPageSize 2000 -resultSetSize 500 -searchscope Onelevel | where-object enabled -eq true
$total=($users | measure-object).count
New-Object psobject -Property #{
OU=$_.Name;
A=$Total
}
}
}

On line 132 of the file you've linked to, you'll find the statement that actually queries Active Directory for the users:
$users = get-aduser -filter {(Enabled -eq $true) -and (PasswordNeverExpires -eq $false)} -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress | where { $_.passwordexpired -eq $false }
Add the following statement to the next line:
$users = $users |Where-Object distinguishedname -notlike "*,OU=not,OU=that,OU=orgUnit,OU=test,DC=test,DC=com"
... and leave the rest of the script as-is

Why is the the exported file blank?

I found this Powershell line that returns a list of users and password expiry dates:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",#{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
I have tried to pipe the out put to:
Export-Csv -Path .\Passwrd.csv -NoTypeInformation
So now it looks like this:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",#{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Export-Csv -Path .\Passwrd.csv -NoTypeInformation
This completes but the output file is empty.
Can anyone help please?

Powershell last logon query. Help setting up array to go thought all my domain controllers

This script below works, but every attempt I make to have it cycle through all my domain controllers fail. How do I add a array to go through all these OUs on all my domain controllers. Thanks in advance!
$OUs= “OU=Test1,OU=Test1,OU=Test1,OU=Test1,OU=All Users,DC=domain,DC=local",
"OU=Test2,OU=Test2,OU=Test2,OU=All Users,OU=Test2,DC=domain,DC=local",
"OU=Test3,OU=Test3,OU=Test3,OU=All Users,OU=Test3,DC=domain,DC=local",
"OU=test4,OU=test4,OU=test4,OU=All Users,OU=test4,DC=domain,DC=local",
"OU=Test5,OU=test5,OU=Test5,OU=All Users,OU=test5,DC=domain,DC=local”
$OUs | ForEach-Object
{
Get-ADUser -Filter {Enabled -eq $TRUE} -SearchBase $_ -Properties Name,SamAccountName,LastLogonDate |
Where-Object {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)}
} |
Sort LastLogonDate |
Format-Table -Property Name,SamAccountName,LastLogonDate, DistinguishedName |
Out-String

Below you have now an array of your OUs. Please try whether that works for you now.
$OUs= #(
“OU=Test1,OU=Test1,OU=Test1,OU=Test1,OU=All Users,DC=domain,DC=local",
"OU=Test2,OU=Test2,OU=Test2,OU=All Users,OU=Test2,DC=domain,DC=local",
"OU=Test3,OU=Test3,OU=Test3,OU=All Users,OU=Test3,DC=domain,DC=local",
"OU=test4,OU=test4,OU=test4,OU=All Users,OU=test4,DC=domain,DC=local",
"OU=Test5,OU=test5,OU=Test5,OU=All Users,OU=test5,DC=domain,DC=local”
)
I would also suggest to break your line after every pipe in order to cut the line. That makes it far easier to read for you, plus your colleagues.
$OUs | ForEach-Object
{
Get-ADUser -Filter {Enabled -eq $TRUE} -SearchBase $_ -Properties Name,SamAccountName,LastLogonDate |
Where-Object {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)}
} |
Sort LastLogonDate |
Format-Table -Property Name,SamAccountName,LastLogonDate, DistinguishedName |
Out-String

You mention cycling through your domain controllers, but then you go on to ask about OUs. I suspect you want DC's, because each DC might have a different Last Logon Time for the user.
You can omit the -SearchBase and search all OU's, if you're looking to get this data for all users.
$Domains = Get-ADDomainController -Filter * #Note, this shows all DCs- you may have some without ADWS Installed, which won't handle the WHERE.
foreach ($domain in $Domains) {
Get-ADUser -Filter {Enabled -eq $TRUE} -Server $domain -Properties Name,SamAccountName,LastLogonDate |
Where {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)} |
Export-CSV -Path 'UsersNotRecentlyLoggedIn.CSV' -Append
}
If you only want one DC, but all OUs
$Domains = Get-ADDomainController -Discover -Service ADWS
foreach ($domain in $Domains) {
Get-ADUser -Filter {Enabled -eq $TRUE} -Server $domain -Properties Name,SamAccountName,LastLogonDate |
Where {($_.LastLogonDate -lt (Get-Date).AddDays(-7)) -and ($_.LastLogonDate -ne $NULL)} |
Export-CSV -Path 'UsersNotRecentlyLoggedIn.CSV' -Append
}

Get Password expiry date for one single user in AD

I have found this script that filters me the passwprdexpirydate of enabled accounts on AD.
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties “DisplayName”, “msDS-UserPasswordExpiryTimeComputed” |
Select-Object -Property “Displayname”,#{Name=“ExpiryDate”;Expression{[datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)}}
It works fine but I would like to have it search just one specific AD account that I will type in. How do I accomplish that?
I would

This is one of those times where reading the documentation would answer your question, as the examples cover this question...
You can either replace the Filter for the Identity param:
Get-ADUser -Identity USERNAME
Or, update the filter:
Get-ADUser -Filter {Name -eq "USERNAME"}

Try something like this:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –
Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",#{Name="ExpiryDate";Expression=
{[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
Where-Object {$_.DisplayName -like "Username"}

Get-ADUser CSV file disabled true and false filter

The script below works as is, I need to add the enabled -eq $true piece so I can audit the user list to see if they are also enabled (not just disabled). I have tried various ways and the scripted error out. Can anyone help?
$userID = Import-Csv "c:\users.csv"
foreach ($user in $userID) {
$employeeID = $user.employeeID
Get-ADUser -Filter {employeeID -eq $employeeID -and Enabled -eq $false} -Properties displayName,employeeID,mail,intelOwnerID,title,"msDS-UserPasswordExpiryTimeComputed","lastLogon" |
select "Displayname", "Enabled",
#{n="PasswordExpiryDate";e={[DateTime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},
#{n='LastLogon';e={[DateTime]::FromFileTime($_.lastLogon)}},
SamAccountName, employeeID, mail, intelOwnerID, title |
Export-Csv -Append "c:\temp\usersacct.csv"

To get both enabled and disabled users that are listed in your .csv you just need to stop filtering on Enabled -eq $false. Just change this line:
Get-ADUser -Filter {employeeID -eq $employeeID -and Enabled -eq $false} -Properties displayName,employeeID,mail,intelOwnerID,title,"msDS-UserPasswordExpiryTimeComputed","lastLogon" |
to
Get-ADUser -Filter {employeeID -eq $employeeID} -Properties displayName,employeeID,mail,intelOwnerID,title,"msDS-UserPasswordExpiryTimeComputed","lastLogon" |