When querying the active directory, most of us are troubled by the datetime formats for certain attributes.
Things covered in this post.
- Accessing Static Members of a class in PowerShell.
- Scope Resolution Operator.
- Expressions.
- Hashtable concept in PowerShell.
- If you don’t have time for all this theory. Here is a simple thing.
To get the pwdlastset alone in a human readable format.Get-ADUser -Identity <samAccountName/distinguishedname of user>` -Server <domainName> -Properties pwdLastSet|` select @{name ="pwdLastSet";` expression={[datetime]::FromFileTime($_.pwdLastSet)}}
- To Add 60 days to the pwdlastset and get the output.
Get-ADUser -Identity <samAccountName/distinguishedname of user>` -Server <domainName> -Properties pwdLastSet|` select @{name ="pwdLastSet";` expression={$([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60)}}
One of them is the pwdlastset attribute. The pwdlastset attribute is represented as a INT64 data type. To convert it into a human readable date time format we need to do the following.
>> Get-Aduser -identity deepakj -server domain.net -properties pwdLastSet | select pwdlastset | gm
TypeName: Selected.Microsoft.ActiveDirectory.Management.ADUser
Name MemberType Definition
---- ---------- ----------
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
pwdlastset NoteProperty System.Int64 pwdlastset=131299743005733644
The above result shows that the pwdlastset attribute is of the type System.Int64.
We can use the fromFileTime method of the [datetime] class using the scope-resolution operator ( ::) Scope Resolution Operator
Get-ADUser -Identity $member -Server ab.net -Properties * | ` select-object @{name ="pwdLastSet";expression={[datetime]::FromFileTime($_.pwdLastSet)}},` @{name ="pwdExpiry";expression={ $([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60) }} ` | export-csv final.csv -Append -NoClobber -NoTypeInformation
The above cmdlet string performs the following steps.
- Get-Aduser -identity $member -server ab.net -properties *
- Extracts all the attributes for the user whose value is stored in the $member variable.
- The expression after the | is as follows.
- select @{name =”pwdLastSet”;expression={[datetime]::FromFileTime($_.pwdLastSet)}}
- select -object = used to get each attribute from the previous statement.
- @{} = this is actually a hashtable; a single valued hashtable. ( for easier comprehension)
- The hashtables have 2 parts, a key and a value. Here they are renamed as name and expression.
- The name = as is evident is the string or identification we want to give this hashtable.
- The expression contains the magic we would be doing.
- expression = {[datetime]::FromFileTime($_.Pwdlaset)}
- The expression evaluates whatever is given in between the {}
- Here we are using the [datetime] class and calling the FromFileTime method by passing the $_.Pwdlast set as the argument.
- Once the evaluation is done, the value in the $_.Pwdlastset is changed to a normal human readable date object.
- The second hashtable here is to get the password expiration date along with this cmdlet.
-
@{name ="pwdExpiry";expression={ $([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60) }} `
- Expression.
- { $([datetime]::FromFileTime($_.pwdLastSet)).AddDays(60) }}
- The strings in red are obtained from our previous example.
- Once the evaluation is done, the entire string becomes a datetime object.
- To get the methods of a datetime object exposed from an expression, we need to encapsulate it in a ‘$()’
- $([datetime]::FromFileTime($_.pwdLastSet)) — this entire thing is one object of the datetime type.
- And as we all know, to invoke a method, we use the “.” (dot) operator, and we use the AddDays(**) method, which takes in the number of days as input.
- The output of this expression is a date which is 60 days away from the pwdlastset date.
-
Sources :
- https://blogs.technet.microsoft.com/ashleymcglone/2013/12/20/back-to-the-future-working-with-date-data-types-in-active-directory-powershell/
- https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.core/about/about_hash_tables
- https://msdn.microsoft.com/en-us/library/8ehdyws9(v=vs.80).aspx