Using Powershell to list all users that had completed a password reset within the last 30 days
Summary
The script code below lists the Display Name and the Date/time of users that had completed a password reset within the last 30 days and export it to a CSV File.
The script queries a MPR called "Anonymous users can reset their password" and returns its ObjectID, then use it to do a new query searching for "requests" with these parameters:
ManagementPolicy = ObjectID of "Anonymous users can reset their password" RequestStatus = Completed CreatedTime after 30 days ago
set-variable -name URI -value "http://localhost:5725/resourcemanagementservice' " -option constant
set-variable -name CSV -value "ExportResetPassUsers.csv"
If(@(Get-PSSnapin | Where-Object {$_.Name -eq "FIMAutomation"} ).count -eq 0) {Add-PSSnapin FIMAutomation}
clear
$MPRFilter = "/ManagementPolicyRule[DisplayName='Anonymous users can reset their password']"
$curObjectMPR = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($MPRFilter) -ErrorVariable Err -ErrorAction SilentlyContinue
$MPRObjectID = (($curObjectMPR.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "ObjectID"}).value).split(":")[2]
$Filter = "/Request[(ManagementPolicy = '$MPRObjectID') and (RequestStatus = 'Completed') and (CreatedTime > op:subtract-dayTimeDuration-from-dateTime(fn:current-dateTime(), xs:dayTimeDuration('P30D')))]"
$curObject = export-fimconfig -uri $URI –onlyBaseResources -customconfig ($Filter) -ErrorVariable Err -ErrorAction SilentlyContinue
[array]$users = $null
foreach($Object in $curObject)
{
$ResetPass = New-Object PSObject
$UserDisplayName = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "DisplayName"}).Value).split("'")[1]
$ResetDateTime = (($Object.ResourceManagementObject.ResourceManagementAttributes | Where-Object {$_.AttributeName -eq "CreatedTime"}).Value)
$ResetPass | Add-Member NoteProperty "DisplayName" $UserDisplayName
$ResetPass | Add-Member NoteProperty "ResetDateTime" $ResetDateTime
$Users += $ResetPass
}
$users | export-csv -path $CSV
Go to the FIM ScriptBox
***** Paulo H. Campos - São Paulo/Brasil ***** http://identitypedia.blogspot.com (in PT-BR)
June 29th, 2010 9:03pm