Categories
Scripts and Tools

How To Find Users Created X Days Ago in Powershell

Abstract conceptual image of a Powershell Script

Some time ago, I was dealing with an onslaught of security incidents. Each of these incidents seemed to target Active Directory in one way or another. During one of the incidents I dealt with earlier in May of 2022, I wrote some scripts to help me throughout my investigation phase. A few of these scripts I wrote have some broader applications beyond security, so I figured I’d share one of them here.

How to Find What Active Directory Users Were That Were Created In The Last [Number Of] Days

Managing an Active Directory that sees a lot of user turnover in short periods creates a need for better oversight. This script helps to figure out who was created in the last so many days. In my case, I needed to see user additions to a particular Active Directory over the previous 180 days.

This PowerShell script works on 4.0 but will also work on PowerShell 5.1.

Step 1: Copy this script and save it as get_users_created_in_(number here)_days.ps1

Make sure to change (number here) to the number of days that you want to look back from. Change the numbers on lines 8 and 9. In this example I have 30 days set as my time horizon.

# This script will get users created in the last 180 days, and dump the results to text
# in the SAME DIRECTORY that you are running the script from.
# To change time, edit the (180) in .AddDays(-180).Date line. 
#  -RFC
#

$prvDate = ((Get-Date).AddDays(-30)).Date
Get-ADUser -Filter {whenCreated -ge $prvDate} -Properties whenCreated | Select Name, whenCreated | Sort-Object whenCreated | Out-File -FilePath .\users-last-30.txt

Step 2: Run this script in Powershell on a server or VM with the Get-ADUser cmdlet.

To do this, open up Powershell as an administrator.

PS C:\> get_users_created_in_(number here)_days.ps1

Step 3: Open the output file

The script will dump the list into a text file you can review visually. It will save in the same directory as the script.

Closing Thoughts

So, hopefully this script is helpful as you wade your way through whatever Active Directory mess you have found yourself in. If this is your first foray into scripting, feel free to contact me if you have any questions. I’m here to be helpful!

Avatar photo

By Rick Conlee

I have over 20 years of experience in IT. I understand legacy architecture as well as current DevOps paradigms. Young enough to learn, old enough to remember.