We delete accounts after a period of time after they are disabled, and for a long time we were using the WhenChanged field. We found that WhenChanged changes when users are removed from groups, so we wanted to try to use the object metadata, since the userAccountControl attribute isn't likely to change as much as the WhenChanged field. I created a small function to help me connect to the domain controller and retrieve the attribute metadata, but the function isn't returning any data.
Function GetUACReplicationDate {
    param ($Server, $DN)
    $DCcontext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('DirectoryServer', $Server)
    $DC = [System.DirectoryServices.ActiveDirectory.DomainController]::GetDomainController($DCcontext)
    $UserRepData = $DC.getreplicationMetaData($DN)
    $DateToReturn = $UserRepData.UserAccountControl.LastOriginatingChangeTime
    Return ,$DateToReturn
}
$DateToReturn never gets assigned a value. If I put a stop in at the return statement and try the following at the debug prompt I still get nothing:
$UserRepData.UserAccountControl.LastOriginatingChangeTime
If I remove the .LastOriginatingChangeTime portion it still doesn't work. At that point, if I delete the last letter from UserAccountControl and then hit tab and enter, I get the values I expect. I can then tab through to LastOriginatingChangeTime and it will return the value. Of course this is no use to my script, which never works... I have tried breaking it out in different ways, but have not found any method that works. Does anyone know how to work around this, or do I have a typo I just can't see?
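
The retention check described in the post, sketched as an added example (not part of the original post): it ages out accounts on the replication timestamp of userAccountControl rather than on WhenChanged. The function name `Select-ExpiredDisabledAccount`, the `-RetentionDays` and `-Now` parameters, the 90-day value and the sample records are assumptions; the records carry only the `Object`, `AttributeName` and `LastOriginatingChangeTime` properties that `Get-ADReplicationAttributeMetadata` emits.

```powershell
# Added example: Select-ExpiredDisabledAccount and its parameters are hypothetical names.
function Select-ExpiredDisabledAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Metadata,
        [int] $RetentionDays = 90,                       # assumed retention period
        [datetime] $Now = [datetime]::UtcNow
    )
    begin { $latest = @{} }   # DN -> newest userAccountControl change seen
    process {
        # -ine compares case-insensitively, so the casing of the attribute name is irrelevant
        if ($Metadata.AttributeName -ine 'userAccountControl') { return }
        $dn = [string]$Metadata.Object
        $t  = ([datetime]$Metadata.LastOriginatingChangeTime).ToUniversalTime()
        if (-not $latest.ContainsKey($dn) -or $t -gt $latest[$dn]) { $latest[$dn] = $t }
    }
    end {
        foreach ($dn in $latest.Keys) {
            $age = [int][math]::Floor(($Now - $latest[$dn]).TotalDays)
            if ($age -ge $RetentionDays) {
                [pscustomobject]@{ DistinguishedName = $dn; UacChangedUtc = $latest[$dn]; AgeDays = $age }
            }
        }
    }
}

# Constructed sample records (not real directory data).
$now = [datetime]::UtcNow
$sample = @(
    [pscustomobject]@{ Object = 'CN=Old User,OU=Disabled,DC=example,DC=com'
                       AttributeName = 'userAccountControl'; LastOriginatingChangeTime = $now.AddDays(-200) }
    [pscustomobject]@{ Object = 'CN=Old User,OU=Disabled,DC=example,DC=com'
                       AttributeName = 'description'; LastOriginatingChangeTime = $now.AddDays(-3) }
    [pscustomobject]@{ Object = 'CN=New User,OU=Disabled,DC=example,DC=com'
                       AttributeName = 'userAccountControl'; LastOriginatingChangeTime = $now.AddDays(-10) }
)
# Only "Old User" is returned: its unrelated 3-day-old change is ignored.
$sample | Select-ExpiredDisabledAccount -RetentionDays 90 -Now $now

# Live use (needs the ActiveDirectory module and a reachable DC). The timestamp is the
# last change to any userAccountControl flag, so feed in currently disabled accounts only:
#   Get-ADUser -Filter 'Enabled -eq $false' -Server $Server | ForEach-Object {
#       Get-ADReplicationAttributeMetadata -Object $_.DistinguishedName -Server $Server -Properties userAccountControl
#   } | Select-ExpiredDisabledAccount -RetentionDays 90
```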