$DomainControllers = "dc1", "dc2", "dc3", "dc4"
$Users = @{}
$DomainControllers | ForEach-Object {
Get-QADUser -SearchRoot "domain.com/Offices" -Enabled -Service $_ -SizeLimit 0 | `
Select-Object DN, LastLogon, PasswordLastSet | ForEach-Object {
If ($Users.$($_.DN)) {
$Users.$($_.DN) = $_ | Select-Object DN, PasswordLastSet, `
@{n='LastLogon';e={
If ($_.LastLogon -gt $Users.$($_.DN).LastLogon) {
$_.LastLogon
} Else {
$Users.$($_.DN).LastLogon
} }}
} Else {
$Users.Add($_.DN, $_)
}
}
}
$Users.Values | ForEach-Object {
If ($_.PasswordLastSet -ne $Null) {
$PasswordReset = (New-TimeSpan $_.PasswordLastSet).Days
} Else {
$PasswordReset = "-"
}
If ($_.LastLogon -ne $Null) {
$LastLogon = (New-TimeSpan $_.LastLogon).Days
} Else {
$LastLogon = "-"
}
Set-QADUser $_.DN -Description "(Password reset : $PasswordReset days) (Last logged in : $LastLogon days)"
}
|