I'm trying to run a PowerShell command that lets me figure out the last time users have set their password (on a Server 2008 R2 domain):
PS C:\Users\me> get-aduser -credential MDX\me -filter * -properties * | sort | Foreach-Object { echo "$($_.Name + "," + $_.passwordlastset)" }
My User 1,07/01/2013 08:31:17
My User 2,
For some users, this works well... I get their passwordlastset data. For other users, the pwdLastSet is not returned to get-aduser and it doesn't format it into the passwordLastSet field. I'm in the domain admin and enterprise admin groups. The other admin here sees the field for the users I can't see but is missing some users. In the AD Users and Group console the attribute for all the users is properly formatted.
I think it's permissions related, but I'm not sure why it would block me from seeing that attribute. The one thing I think may be common to all the users I can see is that they were created by me through the GUI. The users that I can't see properly were created using the new-aduser PowerShell command by a service account that has rights to create users in only one OU.
Question: is there any reason that a domain admin shouldn't have access to all the attributes in the directory?