AD PowerShell Script to see when a list of users last changed their passwords.

-
A lot of companies have their ADs setup so that a users password will expire normally once every 6 months. 

But what happens if the company was to do a password audit? 

How would you know for certain that the users whose passwords were cracked had actually changed their passwords after being told to do so?

Well quite simple you could ask them! But some would probably lie and say they did it when they most likely didn't.

So an easier way to do this would to use a PowerShell script that imports a CSV file of all the users, then checks their AD accounts as each AD account has an attribute called PasswordLastSet. Why ask users when you can just check their accounts, at least this way you wont be lied to at all. 

Below is a screenshot of my code used to run this as well as the results that came back. 

I am more than happy for anyone to use this code, but take no responsibility if you change/modify this code in anyway to complete harmful/malicious actions. 

Screenshot of my code:


Screenshot of the output:



Comments

Post a Comment

Popular posts from this blog

Finding all Network Interfaces that are connected to Virtual Machines in Azure

-
Image
Recently I was involved in a discovery project to find all our network interfaces and virtual machines in Azure. I was aware that you could go to the Network Interface dashboard or the Virtual Machine dashboard but this was too manual for my liking. Also I needed to know which Network Interface was used by which Virtual Machine. So my solution was using Azure Resource Graph Explorer.  The following KQL is used to get all Network Interfaces in your azure tenant.  resources | where type =~ 'microsoft.network/networkinterfaces' | extend privateIp = properties.ipConfigurations[0].properties.privateIPAddress | extend id = name | project name, privateIp, properties.macAddress, id Running this KQL gives me a output like this in my test tenant. To get the Virtual Machines that use the Network Interfaces a left outer join can be used to join the networkinterfaces table with the virtalmachines table using the IDs.  This is the KQL I used the left outer join.  | join kind=lefto...
Read more

AD PowerShell script to add/remove a list of users from a group

-
Image
Have you ever had to do something manually and you were just like, I don't ever want to do that again it took to long.  Well that happened to me when I was setting up my domain and experimenting, I had to keep adding and removing my mock users to groups and it got really annoying.  So I simply automated it using PowerShell, know all I need to do is supply a list of the users I want to remove or add and the group name then voila.  To automate this I simply went through each line in the CSV file and got the distinguished name of the user using Get-ADUser. I then used either Add-ADGroupMember or Remove-ADGroupMember to add or remove the user, all that needed to be supplied here was the distinguished name of the group and the previously gotten distinguished name of the user.  Below is a screenshot of my code, I am happy for you to use it but I am not accountable if you edit or misuse and cause any issues.  Screenshot of the code: Results of running the code:
Read more

Terraform with VirtualBox

-
Image
So I wanted to learn how to use Terraform, it is something that is quite interesting but I have never got to use it. I had to sort that out. 👍 I could have made it build me a VM instance on the cloud but I currently don't have the need for that as I have the Kali VM that I use for messing around with CTFs hosted locally. So I decided to go with Virtual Box, also this stops any issues like for example me building the wrong VM instance and my card screaming at me. So my first order of business was to create a new folder and create the terraform.tf file in there. I then used the boiler plate code that can be found on the HashiCorp website here : https://registry.terraform.io/providers/terra-farm/virtualbox/latest/docs.  Using "terraform init" to initialise a Terraform instance then "terraform apply". But I ran into some issues with that. For starters the first issue that will arise is that the version specified in this template is no longer the current version and...
Read more