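# .SYNOPSIS
#   Restarts the password-age clock for the users of one OU without changing
#   their passwords.
#
# .DESCRIPTION
#   For every user below $OUName whose password may expire and has been set at
#   least once, the script switches "user must change password at next logon"
#   on and then off again. Clearing the flag makes Active Directory stamp
#   pwdLastSet with the current time, so the existing password starts a new
#   maximum-age period.
#
#   Effect on policy: the password itself stays the same, so after a run the
#   domain's maximum password age no longer reflects how old the credential
#   really is. The per-user objects written to the output (old and new
#   passwordLastSet, last logon) are the only record of the reset; keep them.
#
# .PARAMETER Showmode
#   Report only: list the selected users with their current values and change
#   nothing.
param(
    [switch]$Showmode
)

# OU (relative to the domain root) that holds the users to process.
$OUName = "OU=OU-Test,OU=OU-04-User"

# Alternative: select the users through a group instead of the OU (see below).
#$targetGroup = "GroupName"

#######################################
# Nothing below needs editing, apart from switching between the OU and the
# group selection of users.
#######################################

# Install the AD PowerShell feature when it is missing.
$srv = Get-WindowsFeature *RSAT-AD-PowerShell*
if (-not $srv.Installed) {
    Add-WindowsFeature RSAT-AD-PowerShell
}

# Every later step needs the module, so stop here if it cannot be loaded
# instead of producing one error per cmdlet call.
Import-Module activedirectory -ErrorAction Stop

# Domain root DN, e.g. "DC=Domain,DC=Local". Read directly from the domain
# object; deriving it from the computers container breaks when that container
# has been redirected to another OU.
$RootDomain = (Get-ADDomain -Current LocalComputer).DistinguishedName

# Full DN of the search base.
$targetOU = "$OUName,$RootDomain"

# NOTE(review): this string is written to the output stream ahead of the
# per-user objects (kept for compatibility). Anything consuming the output as
# objects, e.g. Export-Csv, sees a plain string first.
$targetOU

# Users whose password can expire and has been set at least once.
$users = Get-ADUser -SearchBase $targetOU -Filter { passwordNeverExpires -eq $false -and pwdLastSet -gt 0 } -Properties passwordLastSet

# Alternative: select the users through a group.
#$targetGroup = "GroupName"
#$users = Get-ADGroupMember -recursive $targetGroup | get-aduser -Properties passwordneverexpires,passwordlastset | Where-Object { $_.passwordNeverExpires -eq $false -and $_.passwordLastSet }

foreach ($user in $users) {
    # One report object per user, filled in the order the columns should appear.
    $outObject = New-Object -TypeName psobject
    $outObject | Add-Member -MemberType NoteProperty -Name distinguishedName -Value $user.distinguishedname
    $outObject | Add-Member -MemberType NoteProperty -Name OldPasswordLastSet -Value $user.passwordlastset

    if (-not $Showmode) {
        try {
            # Step 1 forces a change at next logon; step 2 clears that again,
            # which is what re-stamps pwdLastSet.
            Set-ADUser $user -ChangePasswordAtLogon:$true -ErrorAction Stop
            Set-ADUser $user -ChangePasswordAtLogon:$false -ErrorAction Stop
        }
        catch {
            # A failure between the two steps leaves the account forced to
            # change its password at next logon; name the account so it can be
            # checked, then carry on with the remaining users.
            Write-Error "Password-age reset failed for $($user.distinguishedName): $($_.Exception.Message) - check whether the account is left at 'must change password at next logon'."
        }
    }

    # Read the resulting state back once for both report columns.
    $current = Get-ADUser $user -Properties passwordLastSet, lastLogonDate
    $outObject | Add-Member -MemberType NoteProperty -Name NewPasswordLastSet -Value $current.passwordLastSet
    $outObject | Add-Member -MemberType NoteProperty -Name LastLogonDate -Value $current.lastLogonDate

    $outObject
}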