0

I have got the below powershell script from Microsoft blog. It exactly satisfies my environment needs, but it shows the password expiry date as true or false. I need to extract exact password expiry date of all the local user's. Please can someone help with the below script to get the local user account expiry date along with other information.

Param
(
[Parameter(Position=0,Mandatory=$false)]
[ValidateNotNullorEmpty()]
[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
[Parameter(Position=1,Mandatory=$false)]
[Alias('un')][String[]]$AccountName,
[Parameter(Position=2,Mandatory=$false)]
[Alias('cred')][System.Management.Automation.PsCredential]$Credential
)

$Obj = @()
$now = Get-Date
Foreach($Computer in $ComputerName)
{
If($Credential)
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
}
else
{
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
    -Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
}

Foreach($LocalAccount in $AllLocalAccounts)
{



    $rawPWAge = ([adsi]"WinNT://$computer/$($LocalAccount.Name),user").PasswordAge.Value




    $Object = New-Object -TypeName PSObject

    $Object|Add-Member -MemberType NoteProperty -Name "Name" -Value $LocalAccount.Name
    $Object|Add-Member -MemberType NoteProperty -Name "Full Name" -Value $LocalAccount.FullName
        $Object|Add-Member -MemberType NoteProperty -Name "Disabled" -Value $LocalAccount.Disabled
        $Object|Add-Member -MemberType NoteProperty -Name "Status" -Value $LocalAccount.Status
        $Object|Add-Member -MemberType NoteProperty -Name "LockOut" -Value $LocalAccount.LockOut
    $Object|Add-Member -MemberType NoteProperty -Name "Password Expires" -Value $LocalAccount.PasswordExpires
    $Object|Add-Member -MemberType NoteProperty -Name "Password Required" -Value $LocalAccount.PasswordRequired
    $Object|Add-Member -MemberType NoteProperty -Name "Account Type" -Value $LocalAccount.AccountType
    $Object|Add-Member -MemberType NoteProperty -Name "Domain" -Value $LocalAccount.Domain
    $Object|Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value ($now).AddSeconds(-$rawPWAge)
    $Object|Add-Member -MemberType NoteProperty -Name "Password Age" -Value ($now-($now.AddSeconds(-$rawPWAge))).Days
    $Object|Add-Member -MemberType NoteProperty -Name "Description" -Value $LocalAccount.Description




    $Obj+=$Object
}

If($AccountName)
{
    Foreach($Account in $AccountName)
    {
        $Obj|Where-Object{$_.Name -like "$Account"}
    }
}
else
{
    $Obj
}
}
AkshayP
  • 2,141
  • 2
  • 18
  • 27
user-deep
  • 3
  • 1
  • 3

1 Answers1

1

To get the password expiry date you need to subtract PasswordAge from MaxPasswordAge and add the resulting number of seconds to $now:

$user = [adsi]"WinNT://$computer/$($LocalAccount.Name),user"
$rawPWAge = $user.PasswordAge.Value
$maxPWAge = $user.MaxPasswordAge.Value
...
$Object | Add-Member -MemberType NoteProperty -Name 'Password Expiry Date' `
                -Value $now.AddSeconds($maxPWAge - $rawPWAge)

As a side note, you should never use $Obj+=$Object in a loop. Adding objects to an array will copy all items from the existing array to a new array (size + 1), so the operation is guaranteed to perform poorly. Better use a ForEach-Object loop in a pipeline:

$Obj = $AllLocalAccounts | ForEach-Object {
         $user = ([adsi]"WinNT://$computer/$($_.Name),user")
         $pwAge    = $user.PasswordAge.Value
         $maxPwAge = $user.MaxPasswordAge.Value
         $pwLastSet = $now.AddSeconds(-$pwAge)

         New-Object -TypeName PSObject -Property @{
           'Name'                 = $_.Name
           'Full Name'            = $_.FullName
           'Disabled'             = $_.Disabled
           'Status'               = $_.Status
           'LockOut'              = $_.LockOut
           'Password Expires'     = $_.PasswordExpires
           'Password Required'    = $_.PasswordRequired
           'Account Type'         = $_.AccountType
           'Domain'               = $_.Domain
           'Password Last Set'    = $pwLastSet
           'Password Age'         = ($now - $pwLastSet).Days
           'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
           'Description'          = $_.Description
         }
       }

This will automagically produce a list of objects which is then assigned to $Obj.

Ansgar Wiechers
  • 193,178
  • 25
  • 254
  • 328