Powershell find users expiring in 7 days

Question

I am trying to run a powershell script that queries for accounts that expire within 7 days, I currently have

$a = (get-date).AddDays(7) ; Search-ADAccount -AccountExpiring -TimeSpan "7" | Select-Object SamAccountName,AccountExpirationDate | Sort-Object AccountExpirationDate | Export-Csv 7_days.csv

However when I make the following change, it seems to have some trouble and I end up getting an empty CSV file. Ultimately I want account expiring in 7 days, not more, not less.

$a = (get-date).AddDays(7) ; Search-ADAccount -AccountExpiring -TimeSpan "7" | Select-Object SamAccountName,AccountExpirationDate | Sort-Object AccountExpirationDate | Where-Object {$_.AccountExpirationDate -like $a } | Export-Csv 7_days.csv

Can someone let me know what I am doing wrong? I have tried moving the "Where-Object {$_.AccountExpirationDate -like $a } " piece around, or "-match" instead of "-like" , however these havn't landed me much success. Where am I going wrong with this?

Answer 1

Update: You can get the accounts if you pass a string value, passing an integer initializes the timespan to 7 ticks!

Search-ADAccount -AccountExpiring -TimeSpan "7"

other valid options:

Search-ADAccount -AccountExpiring -TimeSpan (New-TimeSpan -Days 7)
Search-ADAccount -AccountExpiring -TimeSpan ([TimeSpan]::FromDays(7))

---

Could be a bug, it doesn't work for me as well. Here's a workaround:

$NeverExpires = 9223372036854775807
$ExpringIn = (Get-Date).AddDays(7) 

Get-ADUser -Filter * -Properties accountExpires | 
Where-Object {$_.accountExpires -ne $NeverExpires  -and [datetime]::FromFileTime([int64]::Parse($_.accountExpires)) -lt $ExpringIn }

Answer 2

The attribute in use is accountExpires and is express in pacquet of 100 nano second since 1600

PS C:\Windows\system32> Get-ADuser user1 -Properties accountExpires


accountExpires    : 129821976000000000
DistinguishedName : CN=user1 users,OU=OUTest,DC=dom,DC=fr
Enabled           : True
GivenName         : user1
Name              : user1 users
ObjectClass       : user
ObjectGUID        : b1bef798-8e36-45ff-ad11-e79f89769efc
SamAccountName    : user1
SID               : S-1-5-21-3115856885-816991240-3296679909-1146
Surname           : Users
UserPrincipalName : user1@dom.fr

you can convert it to [dateTime] like this :

PS> [datetime](Get-ADuser user1 -Properties accountExpires).accountExpires

mardi 22 mai 0412 22:00:00

Answer 3

Although this is an old thread.. Let me add a quick note and word of caution..

Becareful asking for accounts that are 7 days old. 7 days and 2 hours won't be 7 days and therefore won't match the query (might be why your CSV is empty).

You will therefore always want to say account that are more then 7 days, and less then 8 (etc) to catch all that are within the 7th day. etc...

Additionally, the code above
[datetime](Get-ADuser user1 -Properties accountExpires).accountExpires
give me an error
Cannot convert value "9223372036854775807" to type "System.DateTime". Error: "Ticks must be between DateTime.MinValue.Ticks and DateTime.MaxValue.Ticks. Parameter name: ticks"

You might also review http://social.technet.microsoft.com/Forums/scriptcenter/en-US/b70113b1-a043-4543-afa0-dbba5757d035/powershell-windows-2008-getaduser-accountexpirationdate-returns-wrong-result?forum=ITCG

Answer 4

Try the following PowerShell command

Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A

https://technet.microsoft.com/en-us/library/ee617247.aspx