As usual Joe shared a great insight that trusts well-doing can in one way be verified by checking the trust accounts for their last password resets. When trusts are created the accounts for them are by default created under ‘Users’ container, and are named as TrustedDomain$ and just like computer accounts, trusts reset their password every 30 days, and . He showed how to look up the ‘pwdlastset’ attribute using his ADFIND tool. Below I show you the PowerShell way.
$old=(get-date).adddays(-30)
Get-QADUser -SearchRoot ‘mydomain.int/users’ -Name “*$*” -IncludedProperties pwdlastset | where {$_.pwdlastset –gt $old}
You may also sort and view the results as below
Any trusts that have not reset their passwords in last 30 days are probably no longer valid. If you are using ADWS on Windows Server 2008 R2, then something like below should suffice, assuming you have already created the $old variable using the same command as above.
Get-ADUser -Filter ‘Name -like “*$*”‘ -Properties pwdlastset | where {$_.pwdlastset –gt $old}
Hey very cool blog!! Man .. Beautiful .. Amazing .. I’ll bookmark your blog and take the feeds also…I’m happy to find a lot of useful info here in the post, we need develop more techniques in this regard, thanks for sharing. . . . . .
Link | January 7th, 2012 at 9:14 am
Howdy, The nice post sites just identified your web site on with google assisted me a great deal! I definitely such as the information, thank you.
Link | January 22nd, 2012 at 4:02 am