Script question AD user password changed multiple domains

jeremy.stump posted this 5 days ago

I am dealing with a 3 domain migration. Domain 1 is where domain 2 and domain 3 have been migrated to, but we have a 3rd party tool from binarytree doing all the password back syncs down to domain 2 and domain 3. Unfortunately it doesn’t have a great reporting tool to tell me if domain 2 and domain 3 are syncing passwords from domain 1 when they change. The tool is supposed to back sync passwords every 15 minutes.

I have written these 3 PS scripts for each domain and have been manually culling the data; it just really stinks.

What I would like to do is run the script from domain 1 into domain 2 and domain 3, bring back data and match them if the password change has occurred, and report if domain 2 or 3 hasn’t gotten a password change for that user in the last 30 minutes.

Example:

Retrieve accounts that had their passwords changed today

$Days = (Get-Date).AddDays(-1)
Get-ADUser -Filter {PasswordLastSet -ge $Days} -SearchBase "ou=users,dc=domain1,dc=org" -Properties * | Sort PasswordLastSet -Descending | Format-Table PasswordLastSet,Displayname,Samaccountname

Retrieve accounts that had their passwords changed today

$Days = (Get-Date).AddDays(-1)
Get-ADUser -Filter {PasswordLastSet -ge $Days} -SearchBase "ou=users,dc=domain2,dc=org" -Properties * | Sort PasswordLastSet -Descending | Format-Table PasswordLastSet,Displayname,Samaccountname

Retrieve accounts that had their passwords changed today

$Days = (Get-Date).AddDays(-1)
Get-ADUser -Filter {PasswordLastSet -ge $Days} -SearchBase "ou=users,dc=domain3,dc=org" -Properties * | Sort PasswordLastSet -Descending | Format-Table PasswordLastSet,Displayname,Samaccountname

Essentially what I would like to see in the result is:

          Date       Time        Displayname  Samaccountname
Domain 1  12/6/2017  1:45:58 PM  John Doe     123456
Domain 2  12/6/2017  1:48:58 PM  John Doe     123456
Domain 3  12/6/2017  1:51:58 PM  John Doe     123456

  Jeremy Stump | Analyst | Information Technology | BMHCC - CORPORATE
Phone: (901) 227-8205 | Jeremy.Stump@xxxxxxxxxxxxxxxx

michael1 posted this 5 days ago

Check out Invoke-Command and/or Start-Process.

 

And I’d suggest that you change the “-Properties *” to “-Properties PasswordLastSet,Displayname,Samaccountname”.
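
Added example (not part of the thread and not either poster's code): one way to build the combined report the question describes, querying all three domains from a single session with -Server and requesting only the properties the report needs. The domain DNS names, the matching of accounts by SamAccountName, the status labels and the CSV file name are assumptions for illustration; it also assumes the session can read all three domains and that their clocks agree.

```powershell
# Added example, not code from the thread. Server names and OUs are assumed from
# the search bases in the question; the running account is assumed to have read
# access to all three domains (otherwise add -Credential to each Get-ADUser).
Import-Module ActiveDirectory

$Source  = @{ Name = 'Domain 1'; Server = 'domain1.org'; Base = 'ou=users,dc=domain1,dc=org' }
$Targets = @(
    @{ Name = 'Domain 2'; Server = 'domain2.org'; Base = 'ou=users,dc=domain2,dc=org' }
    @{ Name = 'Domain 3'; Server = 'domain3.org'; Base = 'ou=users,dc=domain3,dc=org' }
)
$Props = 'PasswordLastSet', 'DisplayName'      # only the attributes the report needs
$Since = (Get-Date).AddDays(-1)
$Grace = New-TimeSpan -Minutes 30              # reporting window from the question
$Now   = Get-Date

function New-Row($Domain, $User, $Status) {
    [pscustomobject]@{
        Domain          = $Domain
        PasswordLastSet = $User.PasswordLastSet   # empty when the account was not found
        DisplayName     = $User.DisplayName
        SamAccountName  = $User.SamAccountName
        Status          = $Status
    }
}

$changed = Get-ADUser -Filter { PasswordLastSet -ge $Since } -Server $Source.Server `
    -SearchBase $Source.Base -Properties $Props

$report = foreach ($user in $changed) {
    New-Row $Source.Name $user 'Source'
    $sam = $user.SamAccountName.Replace("'", "''")   # escape quotes for the filter string
    foreach ($t in $Targets) {
        $copy = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Server $t.Server `
            -SearchBase $t.Base -Properties $Props
        if (-not $copy) {
            New-Row $t.Name ($user | Select-Object DisplayName, SamAccountName) 'NoAccount'
        } elseif ($copy.PasswordLastSet -ge $user.PasswordLastSet) {
            New-Row $t.Name $copy 'Synced'    # target set at or after the source change
        } elseif (($Now - $user.PasswordLastSet) -gt $Grace) {
            New-Row $t.Name $copy 'MISSED'    # source changed over 30 minutes ago, target still older
        } else {
            New-Row $t.Name $copy 'Pending'   # still inside the 30-minute window
        }
    }
}

$report | Sort-Object SamAccountName, Domain | Format-Table -AutoSize
$report | Where-Object Status -eq 'MISSED' | Export-Csv .\password-sync-missed.csv -NoTypeInformation
```

Run on a schedule, the MISSED rows are the accounts where domain 2 or domain 3 still holds an older password than domain 1 after the 30-minute window.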

 
