Powershell – lister la date d’expiration des mots de passe ainsi que la Policy appliquée

Bonjour,

Ci-après un script qui permet de lister, pour les utilisateurs d’un groupe, la date à laquelle le mot de passe a été changé pour la dernière fois, la date d’expiration du mot de passe, ainsi que la politique ( password policy) appliquée. Le script génère une page HTML présentant le résultat.

# Mention the targeted AD group containing the users to generate the report for
$group = "Standard User Password Policy"

# Get the AD accounts info of each members of the above-mentioned group
$users = Get-ADGroupMember -Identity $group

# Count the members of the group
$count = $users.count

# Log the current date/time
$rightNow = Get-Date -Format "dd-MM-yyyy_hh'h'mm"

# The path to the output HTML file
$htmlOutputfile = "C:\Expiry-$rightNow.html"

# Create an empty array that will be used to contain our result
$array = @()

foreach ($user in $users)
{
    $Object = New-Object PSObject # Create a custom object that will be used to format our output
    # Get the info from the AD user
    $GetADUser = Get-ADUser $user –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed", "PasswordLastSet" | Select-Object -Property "Displayname", "PasswordLastSet", @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
    $GetADRPP = Get-ADUserResultantPasswordPolicy -Identity $user # Get the resultant Password Policy for the user
    $Object | Add-Member -MemberType NoteProperty -Name "Name" -Value $GetADUser.DisplayName # Feed with the user name
    $Object | Add-Member -MemberType NoteProperty -Name "Password Last Set" -Value $GetADUser.PasswordLastSet # Feed with the password last set date
    $Object | Add-Member -MemberType NoteProperty -Name "Applied Password Policy" -Value $GetADRPP.Name # Feed with the password policy name
    $Object | Add-Member -MemberType NoteProperty -Name "Password Expiration Date" -Value $GetADUser.ExpiryDate # Feed with the password expiry date
    $array += $Object # Append the object in the array
}

# Display the array's content to consol
$array

# Format the array's content in HTML, save the file, and then display it
$array | Sort-Object -Property "Password Expiration Date" | ConvertTo-Html -Head "<style>table {border-collapse: collapse;padding:5px;}table, th, td {border: 1px solid black;}th{white-space: nowrap;background-color:lightgrey;}</style>" -PreContent "<h2>Password policy summary for $count users members of the $group AD group</h2>" | Out-File $htmlOutputfile
Invoke-Item $htmlOutputfile

Voici un aperçu du résultat :

Hope this helps !

🙂

2 réflexions au sujet de “Powershell – lister la date d’expiration des mots de passe ainsi que la Policy appliquée”

  1. # Mention the targeted AD group containing the users to generate the report for
    $group = « Standard User Password Policy »

    Bonjour cela correspond à quoi au niveau AD ?

    Répondre
    • Bonjour,
      Il s’agit d’un group AD que vous créez et dans lequel vous placez les utilisateurs qui héritent de votre politique de mot de passes.
      Si tous vos utilisateurs en ont une, vous pouvez alors utiliser un groupe built-in comme ‘Domain Users’.

      Bàv,

      Antoine

      Répondre

Laisser un commentaire