Efficiently converting pwdlastset to datetime in a single line.

Posted on by deepakjoseph

powershell-icon-4

When querying the active directory, most of us are troubled by the datetime formats for certain attributes.

Things covered in this post.

  1. Accessing Static Members of a class in PowerShell.
  2. Scope Resolution Operator.
  3. Expressions.
  4. Hashtable concept in PowerShell.

 

  1. If you don’t have time for all this theory. Here is a simple thing.
    To get the pwdlastset alone in a human readable format.

    Get-ADUser -Identity <samAccountName/distinguishedname of user>`
-Server <domainName> -Properties pwdLastSet|`
select @{name ="pwdLastSet";`
expression={[datetime]::FromFileTime($_.pwdLastSet)}}
  2. To Add 60 days to the pwdlastset and get the output. 
    Get-ADUser -Identity <samAccountName/distinguishedname of user>`
-Server <domainName> -Properties pwdLastSet|`
select @{name ="pwdLastSet";`
expression={$([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60)}}

One of them is the pwdlastset attribute. The pwdlastset attribute is represented as a INT64 data type. To convert it into a human readable date time format we need to do the following.

>> Get-Aduser -identity deepakj -server domain.net -properties pwdLastSet | select pwdlastset | gm
 
TypeName: Selected.Microsoft.ActiveDirectory.Management.ADUser

Name MemberType Definition 
---- ---------- ---------- 
Equals Method bool Equals(System.Object obj) 
GetHashCode Method int GetHashCode() 
GetType Method type GetType() 
ToString Method string ToString() 
pwdlastset NoteProperty System.Int64 pwdlastset=131299743005733644

The above result shows that the pwdlastset attribute is of the type System.Int64.

We can use the fromFileTime method of the [datetime] class using the scope-resolution operator ( ::) Scope Resolution Operator

Get-ADUser -Identity $member -Server ab.net -Properties * | `
select-object @{name ="pwdLastSet";expression={[datetime]::FromFileTime($_.pwdLastSet)}},`
@{name ="pwdExpiry";expression={ $([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60) }} `
| export-csv final.csv -Append -NoClobber -NoTypeInformation

The above cmdlet string performs the following steps.

  1. Get-Aduser -identity $member -server ab.net -properties *
    1. Extracts all the attributes for the user whose value is stored in the $member variable.
  2. The expression after the | is as follows.
    1. select @{name =”pwdLastSet”;expression={[datetime]::FromFileTime($_.pwdLastSet)}}
    2. select -object = used to get each attribute from the previous statement.
    3. @{} = this is actually a hashtable; a single valued hashtable. ( for easier comprehension)
    4. The hashtables have 2 parts, a key and a value. Here they are renamed as name and expression.
    5. The name = as is evident is the string or identification we want to give this hashtable.
    6. The expression contains the magic we would be doing.
    7. expression = {[datetime]::FromFileTime($_.Pwdlaset)}
      1. The expression evaluates whatever is given in between the {}
      2. Here we are using the [datetime] class and calling the FromFileTime method by passing the $_.Pwdlast set as the argument.
      3. Once the evaluation is done, the value in the $_.Pwdlastset is changed to a normal human readable date object.
    8. The second hashtable here is to get the password expiration date along with this cmdlet. 
      1. @{name ="pwdExpiry";expression={ $([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60) }} `
      2. Expression.
        1. { $([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60) }}
        2. The strings in red are obtained from our previous example.
        3. Once the evaluation is done, the entire string becomes a datetime object.
        4. To get the methods of a datetime object exposed from an expression, we need to encapsulate it in a ‘$()’
        5. $([datetime]::FromFileTime($_.pwdLastSet)) — this entire thing is one object of the datetime type.
        6. And as we all know, to invoke a method, we use the “.” (dot) operator, and we use the AddDays(**) method, which takes in the number of days as input.
        7. The output of this expression is a date which is 60 days away from the pwdlastset date.

Sources :

  1. https://blogs.technet.microsoft.com/ashleymcglone/2013/12/20/back-to-the-future-working-with-date-data-types-in-active-directory-powershell/
  2. https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.core/about/about_hash_tables
  3. https://msdn.microsoft.com/en-us/library/8ehdyws9(v=vs.80).aspx

Leave a comment

Published by deepakjoseph