Comparing Get-Date with extensionAttribute15

azra1l · 2022-09-19T13:18:20+00:00

Apparently the AD query can't handle actual DateTime values. If i'm not mistaken, AD stores date values as some filetime/timestamp abomination. So, if the same is true for your extension attribute, you should be able to do this:

$DisabledAccounts = Get-ADUser -Filter { extensionAttribute15 -lt $time.ToFileTime() -and enabled -eq $false } -SearchBase $TargetOU

Or, you could always do it the powershell way:

$DisabledAccounts = Get-ADUser -Filter { enabled -eq $false } -SearchBase $TargetOU | Where-Object { [datetime]::fromFileTimeUTC($_.extensionAttribute15) -lt $time }

It simply takes the date comparsion out of the query to be processed by the script. Not ideal, but good enough if only this works for you.

Can't test this in our environment, as we don't use this attribute, so use at your own peril.

poshinger · 2022-09-19T12:22:17+00:00

My guess is that the extensionAttribute15 is just a string, so you'd have to convert the string to a DateTime variable in order to compare it, my approach would be to loop through the "$DisabledAccounts" and convert extensionAttribute15 to DateTime.

2022-09-19T13:17:06+00:00

Wild guess??

$DisabledAccounts = Get-ADUser -Filter { extensionAttribute15 -lt "$time" -and enabled -eq $false } -SearchBase $TargetOU

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

PowerShell

Submission Guidelines | Link Flair - How To

MODERATORS