I need to get a user's password expiration date from a different Windows domain.
I have RSAT installed on my PC and, using the right credentials, I can indeed read all the target domain data using LDAP Admin or similar tools.
This is my script, which works 100%, but only for the local domain:
    function getPasswordExpiryDateforUser($user){
        $result = get-aduser $user -Server "other.domain.server:636" -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
            Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
        return $result
    }
    getPasswordExpiryDateforUser("myUserName")
If I put another domain in the -Server parameter the error I get is:
get-aduser : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
At C:\tests\checkUserPasswordExpiryDate.ps1:2 char:15
+ ... $result = get-aduser $user -Server "other.domain.server: ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (myUserName:ADUser) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUse
Can you suggest an easy way to obtain this result?
I can successfully ping the other domain, I can successfully see its data using tools like LDAP Admin.
Best Answer
You could run the command on the Active Directory server. Connections that are established using Enter-PSSession and Invoke-Command communicate via HTTP by default. However, WinRM encrypts the transferred data.
Here is a link to it.
https://blogs.technet.microsoft.com/ashleymcglone/2016/11/30/how-to-run-a-powershell-script-against-multiple-active-directory-domains-with-different-credentials/
And an example:
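The approach the answer describes, running the query on the remote domain controller through Invoke-Command with that domain's credentials, shown as an added example that is not part of the original answer or the linked blog post. The function name and `dc01.other.domain` are hypothetical, and `-UseSSL` assumes a WinRM HTTPS listener is configured on the target.

```powershell
# Added example: hypothetical function and host names; requires the
# ActiveDirectory module on the remote domain controller.
function Get-RemotePasswordExpiry {
    param(
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $DomainController,   # placeholder, e.g. dc01.other.domain
        [Parameter(Mandatory)] [pscredential] $Credential,
        [switch] $UseSSL   # assumes a WinRM HTTPS listener (port 5986) on the DC
    )

    $session = @{
        ComputerName = $DomainController
        Credential   = $Credential
        ErrorAction  = 'Stop'
    }
    if ($UseSSL) { $session.UseSSL = $true }

    # The script block runs on the remote DC, so Get-ADUser talks to its local ADWS.
    Invoke-Command @session -ArgumentList $User -ScriptBlock {
        param($Identity)
        $u = Get-ADUser -Identity $Identity -Properties DisplayName, 'msDS-UserPasswordExpiryTimeComputed'
        $raw = [int64]$u.'msDS-UserPasswordExpiryTimeComputed'

        # 0x7FFFFFFFFFFFFFFF = password never expires; 0 = must change at next logon.
        # FromFileTime() throws on the former, so handle both before converting.
        $expiry = $null
        $status = 'Expires'
        if ($raw -eq [int64]::MaxValue) { $status = 'NeverExpires' }
        elseif ($raw -eq 0) { $status = 'MustChangeAtNextLogon' }
        else { $expiry = [datetime]::FromFileTime($raw) }

        [pscustomobject]@{
            DisplayName = $u.DisplayName
            Status      = $status
            ExpiryDate  = $expiry
        }
    }
}

# Prompt for an account in the other domain, then query over WinRM/HTTPS.
$cred = Get-Credential -Message 'Account in the other domain'
Get-RemotePasswordExpiry -User 'myUserName' -DomainController 'dc01.other.domain' -Credential $cred -UseSSL
```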