Friday, April 04, 2014

Find a User in Active Directory without installing the Remote Server Administration Tools

Gist:

# params to set
$userAccountName = "someAlias"
$baseDN = "DC=corp,DC=company"

# help function: converts an AD "large integer" interval (100-nanosecond units, stored as a
# negative number) to days; in a script it must be defined before it is first called
function convertTimeToDays ($value)
{
    [int64]$maxpwdage = [System.Math]::Abs( $value )
    return $maxpwdage/864000000000
}

# get domain password expiration info
$baseDS = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$baseDN")
$dc = $baseDS.FindOne()
$maxPwdAgeInDays = convertTimeToDays ( $dc.Properties.Item("maxPwdAge")[0] )

# find user (the same searcher object is reused with a new filter)
$userSearch = $baseDS
$userSearch.Filter = "(&(objectClass=user)(sAMAccountName=$userAccountName))"
[void]$userSearch.PropertiesToLoad.Add("msDS-ResultantPSO")   # constructed attribute: only returned when requested explicitly
[void]$userSearch.PropertiesToLoad.Add("pwdlastset")
$user = $userSearch.FindOne()
if ($null -eq $user) { throw "User '$userAccountName' not found under $baseDN" }

# pwdLastSet is a Windows FILETIME: 100-nanosecond intervals since 1601-01-01 UTC
[long]$time = [long]$user.Properties.Item("pwdlastset")[0]

# check for advanced password policy (fine-grained password policy / PSO)
# when no PSO applies the property is an empty collection, not $null, so test Count
$advancedPasswordDomainPath = $user.Properties.Item("msDS-ResultantPSO")
if ( $advancedPasswordDomainPath.Count -gt 0 )
{
  $searchForPassPolicy = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$($advancedPasswordDomainPath[0])")
  $maxAge = $searchForPassPolicy.FindOne().Properties.Item("msDS-MaximumPasswordAge")[0]
  $maxPwdAgeInDays = convertTimeToDays ( $maxAge )
}

# FromFileTime does the 1601 epoch conversion and returns local time
$passwordSetDate = [DateTime]::FromFileTime($time)
$expirationDate = $passwordSetDate.AddDays($maxPwdAgeInDays)

$today = [DateTime]::Today
$timeLeftInDays = $expirationDate.Subtract($today).Days

Write-Host "Username: $userAccountName"
Write-Host "Password expiration time: $maxPwdAgeInDays days"
Write-Host "Password was set: $passwordSetDate"
Write-Host "Password expires: $expirationDate"
Write-Host "Time left: $timeLeftInDays days"
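An added example that is not part of the gist above (the function and parameter names are my own; the attribute names, the DONT_EXPIRE_PASSWORD flag value and the FILETIME / large-integer encodings are standard Active Directory facts): the same lookup wrapped in a function that also handles the cases the gist leaves out: accounts flagged "password never expires", a pwdLastSet of 0 (must change at next logon), a policy whose maximum age is "never", an empty msDS-ResultantPSO value, a "/" inside the PSO's DN, and LDAP filter metacharacters in the account name.

```powershell
# Added example, not part of the original gist. Function/parameter names are my own;
# attribute names, the userAccountControl flag and the time encodings are standard AD.
function Get-PasswordExpiryInfo {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$BaseDN      # e.g. "DC=corp,DC=company"
    )

    $ticksPerDay          = 864000000000   # 100-nanosecond intervals in one day
    $DONT_EXPIRE_PASSWORD = 0x10000        # userAccountControl flag

    # maxPwdAge (domain) and msDS-MaximumPasswordAge (PSO) are negative large integers;
    # Int64.MinValue is the stored value for "never", and Math::Abs would overflow on it.
    function ConvertTo-Days ([int64]$intervals) {
        if ($intervals -eq [int64]::MinValue) { return 0 }
        return [Math]::Abs($intervals) / $ticksPerDay
    }

    # Domain default policy: read maxPwdAge from the domain object itself (Base scope).
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$BaseDN")
    $searcher.SearchScope = "Base"
    $searcher.Filter = "(objectClass=domainDNS)"
    $domain = $searcher.FindOne()
    if ($null -eq $domain) { throw "Cannot read the domain object at $BaseDN" }
    $maxAgeDays   = ConvertTo-Days ($domain.Properties["maxpwdage"][0])
    $policySource = "domain default"

    # Escape RFC 4515 filter metacharacters so a crafted name cannot alter the filter.
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
                               -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'

    $searcher.SearchScope = "Subtree"
    $searcher.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=$escaped))"
    # msDS-ResultantPSO is constructed: the server only returns it when asked for explicitly.
    [void]$searcher.PropertiesToLoad.AddRange(@("distinguishedname", "pwdlastset", "useraccountcontrol", "msds-resultantpso"))
    $user = $searcher.FindOne()
    if ($null -eq $user) { throw "No account named '$SamAccountName' under $BaseDN" }

    $uac        = [int]$user.Properties["useraccountcontrol"][0]
    $pwdLastSet = [int64]$user.Properties["pwdlastset"][0]

    # A missing or empty PSO value is an empty collection, not $null, so test Count.
    $pso = $user.Properties["msds-resultantpso"]
    if ($pso.Count -gt 0) {
        # Bind to the PSO itself (Base scope). A "/" inside a DN must be escaped as "\/" in an ADsPath.
        $psoPath = "LDAP://" + ([string]$pso[0]).Replace("/", "\/")
        $psoSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$psoPath)
        $psoSearcher.SearchScope = "Base"
        $psoSearcher.Filter = "(objectClass=msDS-PasswordSettings)"
        [void]$psoSearcher.PropertiesToLoad.Add("msds-maximumpasswordage")
        $psoEntry = $psoSearcher.FindOne()
        if ($null -ne $psoEntry -and $psoEntry.Properties["msds-maximumpasswordage"].Count -gt 0) {
            $maxAgeDays   = ConvertTo-Days ($psoEntry.Properties["msds-maximumpasswordage"][0])
            $policySource = "PSO " + $pso[0]
        }
    }

    $info = [ordered]@{
        User         = $user.Properties["distinguishedname"][0]
        PolicySource = $policySource
        MaxAgeDays   = $maxAgeDays
        PasswordSet  = $null
        Expires      = $null
        DaysLeft     = $null
        Status       = $null
    }

    if (($uac -band $DONT_EXPIRE_PASSWORD) -ne 0) {
        $info.Status = "Never expires (DONT_EXPIRE_PASSWORD is set)"
    }
    elseif ($pwdLastSet -eq 0) {
        $info.Status = "Must change password at next logon (pwdLastSet = 0)"
    }
    elseif ($maxAgeDays -eq 0) {
        $info.Status = "Policy sets no maximum password age"
    }
    else {
        # pwdLastSet is a Windows FILETIME (100 ns intervals since 1601-01-01 UTC);
        # FromFileTime does the epoch shift and returns local time.
        $info.PasswordSet = [DateTime]::FromFileTime($pwdLastSet)
        $info.Expires     = $info.PasswordSet.AddDays($maxAgeDays)
        $info.DaysLeft    = [int][Math]::Floor(($info.Expires - [DateTime]::Now).TotalDays)
        if ($info.DaysLeft -lt 0) { $info.Status = "Expired" } else { $info.Status = "Valid" }
    }
    return [pscustomobject]$info
}

# Usage (constructed sample values; substitute your own):
# Get-PasswordExpiryInfo -SamAccountName "someAlias" -BaseDN "DC=corp,DC=company" | Format-List
```

Because the result is an object rather than Write-Host text, it can be piped into Export-Csv or filtered (for example on DaysLeft) when checking many accounts; the Status field makes the "never expires" and "must change at next logon" cases visible instead of producing a misleading date.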

1 comment:

Unknown said...

Thank you!!
This is what I was looking for. However the line below gives an error.

$maxAge = $searchForPassPolicy.FindOne().Properties.item("msDS-MaximumPasswordAge")[0]

"Exception calling "FindOne" with "0" argument(s): "The specified directory service attribute or value does not exist."

$advancedPasswordDomainPath = $user.properties.item("msDS-ResultantPSO") does show the proper PSO.

I would be grateful for any help!
Mike