Active Directory Password Expiration

Password expiration is a recurring problem for most helpdesk departments, since users get locked out if they do not update their password. Today we are going to use PowerShell and the ActiveDirectory module to create a report containing the password-related information.

The Active Directory attributes that are going to get our attention are:
  • PasswordNeverExpires, to check if the password is set to never expire
  • PasswordLastSet, to get the date the password was last set
  • msDS-UserPasswordExpiryTimeComputed, to get when the password is going to expire

Let's combine the above fields in order to create a report for all the users in our Active Directory:

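# Load the ActiveDirectory module (part of RSAT)
Import-Module ActiveDirectory

# The expiry attribute is a FILETIME value; its name contains a hyphen, so it must be quoted after $_.
# Accounts that never expire carry a value FromFileTime cannot convert, so ExpirationDate stays empty for them.
Get-ADUser -Filter * -Properties SamAccountName,
                                 Mail,
                                 PasswordNeverExpires,
                                 PasswordLastSet,
                                 msDS-UserPasswordExpiryTimeComputed |
    Select-Object -Property SamAccountName,
                            Mail,
                            PasswordNeverExpires,
                            PasswordLastSet,
                            @{Name="ExpirationDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}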

Another use for this report would be to notify users a few days in advance that their password is going to expire.
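One way to turn the report into a notification list, as an added example that is not part of the original post: it classifies each account by its msDS-UserPasswordExpiryTimeComputed value, including the two special values (0 and 0x7FFFFFFFFFFFFFFF) that do not represent a real date. The function name Get-PasswordExpiryStatus, its parameters and the sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example. Get-PasswordExpiryStatus and the sample accounts are hypothetical/constructed.
function Get-PasswordExpiryStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $WarnDays = 14,
        [datetime] $Now = (Get-Date)
    )
    process {
        $raw     = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        $expires = $null
        if ($User.PasswordNeverExpires -or $raw -eq [int64]::MaxValue) {
            # 0x7FFFFFFFFFFFFFFF means no expiry; FromFileTime() would throw on it
            $status = 'NeverExpires'
        } elseif ($raw -eq 0) {
            # 0 means pwdLastSet is empty or 0 (change required at next logon)
            $status = 'NotSetOrMustChange'
        } else {
            $expires  = [datetime]::FromFileTime($raw)
            $daysLeft = ($expires - $Now).TotalDays
            if     ($daysLeft -lt 0)         { $status = 'Expired' }
            elseif ($daysLeft -le $WarnDays) { $status = 'ExpiringSoon' }
            else                             { $status = 'OK' }
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Mail           = $User.Mail
            ExpirationDate = $expires
            Status         = $status
        }
    }
}

# Constructed sample accounts so the example runs without a domain controller.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Mail = 'alice@example.test'; PasswordNeverExpires = $false
                       'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(5).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'bob'; Mail = 'bob@example.test'; PasswordNeverExpires = $false
                       'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(60).ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Mail = $null; PasswordNeverExpires = $true
                       'msDS-UserPasswordExpiryTimeComputed' = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'carol'; Mail = 'carol@example.test'; PasswordNeverExpires = $false
                       'msDS-UserPasswordExpiryTimeComputed' = [int64]0 }
)
# Against a real domain, replace $sample with:
#   Get-ADUser -Filter * -Properties Mail, PasswordNeverExpires, msDS-UserPasswordExpiryTimeComputed
$sample | Get-PasswordExpiryStatus -WarnDays 14 -Now $now | Where-Object Status -ne 'OK'
```

The rows with Status ExpiringSoon are the users to notify; the NeverExpires rows are worth a separate review, since those accounts are exempt from the password-age policy.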
