
I am trying to find all temp accounts in AD that expire 90 days after the account was created. Here is what I have so far. I am not sure how to calculate that. I am not receiving any output.

    $expireDate = (Get-ADUser -filter * -Properties accountExpires).accountExpires
    $accountExpireDate = ([System.DateTime]::FromFileTime($expireDate)).AddDays(-90).Date

    Get-ADUser -Filter {whenCreated -ge $accountExpireDate} -Properties whenCreated | select name | export-csv 'c:\temp\all_temp_users.csv'
user2402045

1 Answer


The following command will return ADUser objects for user1 and user2 in PowerShell v3 but null in PowerShell v2:

    (@("user1", "user2") | Get-ADUser).Name

If you are using PowerShell v2, I would suggest trying to change your command to:

    Get-ADUser -filter * -Properties accountExpires | Select -ExpandProperty AccountExpires

This will return an array of AccountExpires attributes.

Another issue is that you are essentially plugging in a possible array into

    [System.DateTime]::FromFileTime($expireDate)

With $expireDate being that possible array. I believe this will only return a time for the first element of the array.

Another possible issue could be that you are checking if whenCreated is greater than the expiration date. Normally this date is going to be less than. Altogether, if you're looking for accounts that have expired, I would do something like:

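    $users = Get-ADUser -Filter * -Properties AccountExpires, WhenCreated
    foreach ( $user in $users ) {
        # AccountExpires of 0 or [Int64]::MaxValue means "never expires";
        # FromFileTime throws on the latter, so skip those accounts
        if ( $user.AccountExpires -eq 0 -or $user.AccountExpires -eq [Int64]::MaxValue ) { continue }

        # Lifetime = expiry (converted from FILETIME) minus creation time
        $span = [DateTime]::FromFileTime($user.AccountExpires) - $user.WhenCreated

        if ( $span.Days -eq 90 ) {
            # Do Something with user that was set to expire 90 days
        }
    }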
skukx
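An added example (not part of the original question or answer) that turns the per-user comparison above into a reusable pipeline filter for auditing temporary accounts. The function name `Find-TempAccount`, its parameters, and the sample users are hypothetical; it assumes PowerShell 3.0 or later and compares calendar dates with a one-day tolerance, since the expiry is usually stored at midnight while whenCreated carries a time of day.

```powershell
# Added example: Find-TempAccount and its parameters are hypothetical names.
function Find-TempAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $LifetimeDays  = 90,   # expected lifetime of a temp account
        [int] $ToleranceDays = 1     # allow for midnight rounding of the expiry
    )
    begin {
        # accountExpires of 0 or 0x7FFFFFFFFFFFFFFF both mean "never expires"
        $never = 0, [Int64]::MaxValue
    }
    process {
        if ($null -eq $User.accountExpires -or $never -contains $User.accountExpires) { return }

        # accountExpires is a FILETIME (100 ns ticks since 1601-01-01 UTC)
        $expires = [DateTime]::FromFileTime($User.accountExpires)
        $days    = ($expires.Date - $User.whenCreated.Date).Days

        if ([Math]::Abs($days - $LifetimeDays) -le $ToleranceDays) {
            [pscustomobject]@{
                Name         = $User.Name
                Created      = $User.whenCreated
                Expires      = $expires
                LifetimeDays = $days
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (runs without AD)
$created = [datetime]'2024-01-10T09:30:00'
$sample = @(
    [pscustomobject]@{ Name = 'temp.contractor'; whenCreated = $created; accountExpires = $created.Date.AddDays(90).ToFileTime() }
    [pscustomobject]@{ Name = 'perm.employee';   whenCreated = $created; accountExpires = [Int64]::MaxValue }
    [pscustomobject]@{ Name = 'svc.legacy';      whenCreated = $created; accountExpires = 0 }
    [pscustomobject]@{ Name = 'temp.intern';     whenCreated = $created; accountExpires = $created.Date.AddDays(30).ToFileTime() }
)
$sample | Find-TempAccount | Format-Table

# Against a real directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties accountExpires, whenCreated |
#     Find-TempAccount | Export-Csv 'c:\temp\all_temp_users.csv' -NoTypeInformation
```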