0

I am trying to retrieve a list of all AD users who have accounts expiring in 7 days. Not "within". I found a similar question that was answered on here already, but the script only works for within. My script below works but retrieves accounts that will expire "Within" 7 days. I've tried many different ways all of which do not work.

$List = Search-Adaccount -AccountExpiring -Timespan 07.00:00:00 | 
Where-Object {$_.DistinguishedName -like "*OU=test,DC=Domain,DC=com"}

$List | export-csv "c:\temp\expiring_accounts.csv"
Anthony Neace
  • 25,013
  • 7
  • 114
  • 129
user2402045
  • 71
  • 1
  • 3
  • 13

2 Answers2

1

Adapting Shay Levy's answer on this similar question, can you add another condition to the Where-Object to put both an upper and lower bound on the expiration date?

$NeverExpires = 9223372036854775807;
$ExpireMin = (Get-Date).AddDays(6);
$ExpireMax = (Get-Date).AddDays(8);

Get-ADUser -Filter * -Properties accountExpires | 
Where-Object {$_.accountExpires -ne $NeverExpires  `
-and [datetime]::FromFileTime([int64]::Parse($_.accountExpires)) -lt $ExpireMax `
-and [datetime]::FromFileTime([int64]::Parse($_.accountExpires)) -gt $ExpireMin }

I don't presently have any expiring accounts in the AD environment I have access to, so I don't know if this will work exactly as you're asking.

Community
  • 1
  • 1
alroc
  • 27,574
  • 6
  • 51
  • 97
  • I saw Shay's answer, but i did not see a min and a max date and i did not even think to use that or how to add it. That worked great! I appreciate the help. Thank you. – user2402045 Sep 16 '13 at 19:18
  • Question, what are the single quotes for after $neverexpires and $expiremax? – user2402045 Sep 16 '13 at 19:28
  • The backticks are used to indicate a line continuation. Remove the linefeeds and those characters to put it all on a single line. – alroc Sep 17 '13 at 00:43
  • alroc, your code is working ok except that it picks up the same users at least 3 times, for 8 days, 7 and 6 days because they fall into that criteria. I am still trying to get just one day. any ideas? – user2402045 Oct 25 '13 at 12:27
1

Try the Free Active Directory Reports from adsysnet.They offer some useful reports(user,computer,ou,contact,group,etc) and functions(move,delete,reset,unlock,send mail,etc) for ad objects.

Free Active Directory Reports

John F
  • 11
  • 1