mikedixson · June 5, 2025 09:28 · Jun 5, 2025
diff --git a/Lithnet_Audit_existing_passwords.ps1 b/Lithnet_Audit_existing_passwords.ps1
@@ -0,0 +1,63 @@
+Import-Module LithnetPasswordProtection
+
+$file = "get-pwned-users.csv";
+
+"accountName,UPN,pwdLastSet,lastLogin,accountDisabled" | out-file $file
+
+$Searcher = New-Object System.DirectoryServices.DirectorySearcher
+$Searcher.PageSize = 200
+$Searcher.SearchScope = "subtree"
+
+$Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
+$Attributes = @("PwdLastSet","lastLogonTimeStamp", "userAccountControl", "userPrincipalName", "name")
+ForEach($Attribute In $Attributes)
+{
+    $Searcher.PropertiesToLoad.Add($Attribute) > $Null
+}
+
+$Results = $null
+$Total = 0
+$NumChanged = 0
+
+$Searcher.FindAll() | % {
+    $user = $_.Properties["UserPrincipalName"][0]
+
+    if ([string]::IsNullOrWhiteSpace($user))
+    {
+        Write-Warning "User $($_.Properties["Name"][0]) has a null or empty UPN";
+        return;
+    }    try {
+        $result = Test-IsADUserPasswordCompromised -UPN $user -server localhost -ErrorAction Stop
+    } catch {
+        Write-Warning "Could not check ${user}: $($_.Exception.Message)"
+        return
+    }
+
+    $pwdLastSet = $null
+    $lastLogin = $null
+    $disabled = $false;
+
+    if ($_.Properties["PwdLastSet"][0] -gt 0)
+    {
+        $pwdLastSet = [DateTime]::FromFileTimeUtc($_.Properties["pwdLastSet"][0]).ToLocalTime()
+    }
+
+    if ($_.Properties["lastLogonTimeStamp"][0] -gt 0)
+    {
+        $lastLogin = [DateTime]::FromFileTimeUtc($_.Properties["lastLogonTimeStamp"][0]).ToLocalTime()
+    }
+
+    if (($_.Properties["userAccountControl"][0] -band 2) -eq 2)
+    {
+        $disabled = $true;
+    }
+
+    if ($result -ne $true)
+    {  
+        return;
+    }
+
+    $message = "$($_.Properties["Name"][0]),$user,$pwdLastSet,$lastLogin,$disabled"
+    Write-Output $message
+    $message | out-file $file -Append
+}
No results found