Musings on the splendour of PowerShell One-Liner: Get a List of AD Users Password Expiry Dates - PoSh Chap - Site Home - TechNet Blogs

PoSh Chap

Musings on the splendour of PowerShell

One-Liner: Get a List of AD Users Password Expiry Dates

One-Liner: Get a List of AD Users Password Expiry Dates

  • Comments 4
  • Likes

All good things come to an end.

Rivers run their course, curtains fall and… passwords expire. We have epilogues, codas and an Active Directory attribute named msDS-UserPasswordExpiryTimeComputed.

 How can we use that attribute to get a list of enabled Active Directory accounts and their password expiry times?

 

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed"

|

Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

  

 

 

Here’s some sample output:

 

The end.

Comments
  • Thanks

  • Nice one...Thanks for Sharing...IMHO This should be a default in the UI

  • This returns a date/time with a year of 1600. Why not just detect the max password age and add it to PasswordLastSet? Like so:

    $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

    Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties * |
    Select-Object -Property "Displayname", `
    @{l="ExpiryDate";e={$_.PasswordLastSet.AddDays($maxPasswordAge)}}

  • Tony your syntax doesn't work. Should be:

    $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days

    Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties * |
    Select-Object -Property "Displayname", @{n="ExpiryDate";e={$_.PasswordLastSet.AddDays($maxPasswordAge)}}

    After running that, the ones that showed a year of 1600 will now just not show any date. I think what you're picking up there are shared mailboxes and/or replicated contacts.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment