Find users with AD property .whenCreated with less than 90 days
$daysOld = "-90"
$currentDate = get-date
$removeIfBefore = $currentDate.AddDays($daysOld)
$vpnuserstest = Get-ADGroupMember VPN_users -Recursive | select samaccountname | foreach ($_.samaccountname) {
Get-ADUser $_.samaccountname -Properties samaccountname, whenCreated |
Select-Object samaccountname,@{n='Days Since Created';e={($((Get-Date)) - $($_.WhenCreated)).Days}} |
Format-table -AutoSize}
Detailed Description:
I am taking the users in the group VPN_users and searching for their "samaccountname" and "whenCreated" properties. Then I would like to take today's date and go back 90 days. Anyone whose "whenCreated" date falls within that 90 day window, I want to add to a table so that I can export it later.
When I run the above code, I get everything listed as I would like, but it still includes everyone whose "whenCreated" property is above 90 days.
Sorry if the code looks "frankenstein'd" together....because it is. I took different aspects from different Google searches and threw them together.
1 Answer
Here's one way: Construct a timestamp-string and use with the -LDAPFilter parameter. Example:
$daysOld = 90
$timestampUTC = (Get-Date).AddDays(-$daysOld).ToUniversalTime()
$timestampString = "{0:yyyyMMddHHmmss.0Z}" -f $timestampUTC
Get-ADUser -Properties whenCreated -LDAPFilter "(whenCreated<=$timestampString)"
If you want to limit results to users that are a member of a particular group, you can update the LDAP query filter. Example:
$daysOld = 90
$timestampUTC = (Get-Date).AddDays(-$daysOld).ToUniversalTime()
$timestampString = "{0:yyyyMMddHHmmss.0Z}" -f $timestampUTC
Get-ADUser -Properties whenCreated -LDAPFilter "(&(whenCreated<=$timestampString)(memberOf=CN=Group Name,OU=Container,DC=fabrikam,DC=com))"
$daysOld = 90 $timestampUTC = (Get-Date).AddDays(-$daysOld).ToUniversalTime() $timestampString = "{0:yyyyMMdd.0Z}" -f $timestampUTC get-adgroupmember VPN_Users -r | select SamAccountName | ForEach ($_.samaccountname) { Get-ADUser -Properties whenCreated -LDAPFilter "(whenCreated<=$timestampString)" }
– Rob K O
Jul 2 at 18:57
When I try to use it to look at the group, I get no output. Any idea why?
– Rob K O
Jul 2 at 18:58
Update the LDAP query to specify that you only want members of some group. See updated answer.
– Bill_Stewart
Jul 2 at 20:16
It still outputs everyone in the group, instead of the users that have been created within the last 90 days.
– Rob K O
Jul 3 at 14:41
Hint: There is a comparison operator in the LDAP search filter. What would you change?
– Bill_Stewart
Jul 3 at 15:42
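Added example, not part of the original answer or its comments: one way to combine the answer's LDAP filter with the comparison-operator hint so that only group members created in the last 90 days are returned, ready for export. It assumes the ActiveDirectory module is available; the function names ConvertTo-LdapFilterValue and Get-RecentGroupUser and the CSV path are hypothetical, and the in-chain matching rule is used so that nested members are included, as with -Recursive in the question.

```powershell
# Added example; requires the ActiveDirectory (RSAT) module and a reachable domain.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape RFC 4515 special characters (\ * ( ) NUL)
    # so a distinguished name can be embedded safely in an LDAP filter.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-RecentGroupUser {
    # Hypothetical helper: users in $GroupName (nested groups included)
    # whose whenCreated falls within the last $DaysOld days.
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [int]$DaysOld = 90
    )

    # Same generalized-time string the answer builds, e.g. 20240102150405.0Z
    $cutoff = (Get-Date).AddDays(-$DaysOld).ToUniversalTime()
    $stamp  = '{0:yyyyMMddHHmmss.0Z}' -f $cutoff

    $groupDn = (Get-ADGroup -Identity $GroupName).DistinguishedName
    $dn      = ConvertTo-LdapFilterValue -Value $groupDn

    # whenCreated>=cutoff keeps accounts created ON OR AFTER the cutoff;
    # <= would return the accounts older than the window instead.
    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN, which follows
    # nested group membership; a plain memberOf= matches direct members only.
    $filter = "(&(whenCreated>=$stamp)(memberOf:1.2.840.113556.1.4.1941:=$dn))"

    Get-ADUser -LDAPFilter $filter -Properties whenCreated |
        Select-Object SamAccountName, whenCreated,
            @{ n = 'Days Since Created'; e = { ((Get-Date) - $_.whenCreated).Days } } |
        Sort-Object whenCreated -Descending
}

# Export the result for later review (output path is an assumption).
Get-RecentGroupUser -GroupName 'VPN_users' -DaysOld 90 |
    Export-Csv -Path .\vpn_users_recent.csv -NoTypeInformation
```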
After reading over my post, I realized that I do not have my variable $removeitBefore applied anywhere in the code. Which is why I'm not getting the results that I need. Now, I'm not sure where I could apply that in the script to get the results I'm looking for.
– Rob K O
Jul 2 at 18:20