LDAP filters are a fast and powerful way of retrieving information from Active Directory. However, LDAP filters use a very low-level date and time format. It is basically a huge integer number. Fortunately, PowerShell contains ways of converting real DateTime objects into these numbers, and vice versa.
Here is a code sample that uses Get-ADUser from ActiveDirectory module to find all users who recently changed their passwords. If you don’t have this module, go download the free RSAT tools from Microsoft.
# find all AD Users who changed their password in the last 5 days
$date = (Get-Date).AddDays(-5)
$ticks = $date.ToFileTime()
$ldap = "(&(objectCategory=person)(objectClass=user)(pwdLastSet>=$ticks))"
Get-ADUser -LDAPFilter $ldap -Properties * |
Select-Object -Property Name, PasswordLastSet
ReTweet this Tip!