I found this here: (http://powershell.com/cs/media/p/376.aspx)
- cls
- $ErrorActionPreference="SilentlyContinue"
- Get-Content (ENTER PATH TO YOUR INPUT FILE HERE) | foreach {
- [ADSI]"WinNT://$_/administrator" | select `
- $(Name="Account";Expression={($_.PSBase).Path}}, `
- $(Name="Password Set";Expression={(Get-Date).AddSeconds(-($_.PasswordAge)[0])}}; `
- $(Name="PasswordAge (Days)";Expression={[int]((4-.PasswordAge)[0]/86400) }}, `
- $(Name="Last Logon";Expression={$_.LastLogin}}, `
- $(Name="Days Since Last Logn";Expression={ `
- (New-TimeSpan-start ($_.LastLogin[0]) -end (Get-Date)).days}}} `
- | Export-csv (ENTER PATH TO YOUR OUTPUT FILE HERE) -notypeinformation
The $'s in the SELECT statement need to be @'s... That corrected, I'm trying to get to run so I can report on the local administor account - by SID. Our local admin accounts are renamed depending on department. Also to run against all (local account) members of the builtin administrators group.
I've been able to dump the members, but am having trouble putting the two halves together.