How to Check all AD users for "blank" password?

active-directory powershell

How can I check all users in the AD for a blank password? AND Filter them....

I know how to check all user but I can't Filter them...

Here is what I have:

Get-ADUser -Filter * -SearchBase "OU=SomeOU,DC=mydomain,DC=forest,DC=local" | ForEach {
   $_.SamAccountName
   (new-object directoryservices.directoryentry "", ("domain\" + $_.SamAccountName), "").psbase.name -ne $null
   Write-Host ""
}

Now I want to know how to filter the Output...


Solution 1:

There isn't a way to do that natively.

DS Internals Test-PaswordQuality:

https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md#test-passwordquality

Install-Module -Name DSInternals -Force

There is also a free application here that uses DSInternals:

https://thycotic.com/solutions/free-it-tools/weak-password-finder/

Solution 2:

You can find users where PasswordLastSet is null:

Get-ADUser -Filter * -SearchBase "OU=SomeOU,DC=mydomain,DC=forest,DC=local" -Properties PasswordLastSet | where { $_.PasswordLastSet -eq $null}

Related

SQL Server performance triage? [closed]
Determining why file transfers are so slow
Log out graphical user from command line
What is faster? A local mechical hard drive or a solid state drive over gigabit ethernet?
GNU screen display + from putty
Spam prevention tips for Postfix [duplicate]
Alternative Cisco VPN clients for Windows XP
Can I change the name of an NFS export
Powershell screen buffer
What does a developer need to know about Windows Server?
F5 Big-IP, X-Forwarded-For and IIS Logs
Apache Redirect folder to subdomain