To get a list of users on select/all remote machines, do I have to use a combination of WMI/ADSI? WMI might? be easier, but to get the same properties you usually see when looking at AD accounts, it doesn't seem like it's as easy as I thought it was. You guys have helped me a lot on several other scripts that are similar.
I'm sure once I get near done with this one, the requirements will change. Anyway...
I'm looking to build a script that will return: ComputerName,UserName,Disabled,Lastlogon,PasswordLastSet,UserMustChangePassword/PasswordExpired,PasswordExpires.
In WMI, only some of the info is returned in Win32_Account, Win32_UserAccount, Win32_GroupUser. I don't see the UserMustChangePassword flag translated in any of these, so it is probably only accessible through something like:
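# $computer and $username are set by the caller
$ADS_UF_PASSWORD_EXPIRED = 8388608   # 0x800000
$user = [ADSI]"WinNT://$computer/$username,user"
# UserFlags is a property collection; .Value yields the integer bitmask
$user.UserFlags.Value -band $ADS_UF_PASSWORD_EXPIRED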
Right now, there isn't a requirement for group membership, so I won't address that here at this time. We have 8 domains, a couple of which have over 2000 client computers. (I don't think management understands how big these reports could be.)
Am I on the right track? As always, I'm thinking 'out loud'. Feel free to chime in.
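A sketch of the report described in the post, built on the ADSI WinNT provider alone; this is an added example, not part of the original post. The function name `Get-LocalUserReport` and the computer names in the usage comment are hypothetical, and it assumes the WinNT user properties `PasswordAge` and `MaxPasswordAge` (both in seconds), `PasswordExpired` and `LastLogin` are populated on the target machines.

```powershell
# Added example: local account report via the ADSI WinNT provider.
# ADS_USER_FLAG_ENUM bit values used to decode UserFlags.
$ADS_UF_ACCOUNTDISABLE     = 0x2
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
$ADS_UF_PASSWORD_EXPIRED   = 0x800000   # 8388608, the value used in the post

function Get-LocalUserReport {   # hypothetical name
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            # Bind to the machine and keep only its local user objects.
            $machine = [ADSI]"WinNT://$computer,computer"
            $users = @($machine.psbase.Children |
                Where-Object { $_.psbase.SchemaClassName -eq 'User' })
        } catch {
            # Unreachable or access-denied hosts are reported, not fatal.
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }

        $now = Get-Date
        foreach ($u in $users) {
            $flags = [int]$u.UserFlags.Value
            # PasswordAge is seconds since the password was last set.
            $pwdLastSet = $now.AddSeconds(-1 * [double]$u.PasswordAge.Value)
            # No expiry date when the "password never expires" bit is set.
            $pwdExpires = if ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) { $null }
                          else { $pwdLastSet.AddSeconds([double]$u.MaxPasswordAge.Value) }
            # Check both the flag bit from the post and the PasswordExpired property.
            $mustChange = [bool]($flags -band $ADS_UF_PASSWORD_EXPIRED) -or
                          ($u.PasswordExpired.Value -eq 1)

            [pscustomobject]@{
                ComputerName           = $computer
                UserName               = $u.Name.Value
                Disabled               = [bool]($flags -band $ADS_UF_ACCOUNTDISABLE)
                LastLogon              = $u.LastLogin.Value   # assumed empty if never logged on
                PasswordLastSet        = $pwdLastSet
                UserMustChangePassword = $mustChange
                PasswordExpires        = $pwdExpires
            }
        }
    }
}

# Usage (constructed host names):
# Get-LocalUserReport -ComputerName 'PC01','PC02' | Export-Csv users.csv -NoTypeInformation
```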