Scripts/Get-ADAccountList.ps1
|
function Get-ADAccountList { [CmdletBinding()] param( [Parameter(Mandatory=$true)] [PSCredential]$credential, [Parameter(Mandatory=$true)] [string]$SafeName, [Parameter(Mandatory=$true)] [string]$BaseURI ) try{Close-PASSession}catch{} New-PASSession -Credential $credential -BaseURI $BaseURI -concurrentSession $true ###Check if there is a "Test Group" in Vault $group_id = (Get-PASAccountGroup -Safe $SafeName | Where-Object GroupName -eq "Test Group").GroupID if(!($null -eq $group_id)){ $group_members = Get-PASAccountGroupMember -GroupID $group_id $accounts = foreach($account in $group_members) { Get-PASAccount -id $account.AccountID } } Else { $accounts = Get-PASAccount -SafeName $SafeName } $accounts_x = foreach($account in $accounts) { $comments = $account.platformAccountProperties.Comments $userName = $account.userName if($comments -ne "NO MONITOR"){ if(!($userName -like "admin*")){ $account } } } $AD_Account_list = Foreach($Account in $accounts_x) { $ErrorActionPreference = "SilentlyContinue" try{ $AD_Object = get-aduser $Account.userName -properties employeeType,Enabled,LastLogonDate,PasswordLastSet,LockedOut -erroraction silentlycontinue }catch{} $Datestr = '{0:yyyyMMdd_hh_mm_}' -f $AD_Object.PasswordLastSet $Datestr_LastLogonDate = '{0:yyyyMMdd_hh_mm}' -f $AD_Object.LastLogonDate $PWChangedKey = $Account.userName + "_" + $Datestr $ErrorActionPreference = 'Continue' if($null -ne $AD_Object){ [PSCustomObject]@{ userID = $Account.userName safeName = $Account.safeName MTR = $Account.name userID_employeeType = $AD_Object.employeeType userID_Enabled = $AD_Object.Enabled userID_Locked = $AD_Object.LockedOut userID_LastLogonDate = $Datestr_LastLogonDate userID_PasswordLastSet = $Datestr pwchanged_key = $PWChangedKey verified = $false } } } Close-PASSession return $AD_Account_list } |