In this post we’ll look retrieving password information to find out when a user last changed their password and if it is set to never expire.
As a quick recap, to view the available options with Get-ADUser type.
Next we want to find out what the name of the properties of a user account we want to look at are called. So we will take a look at an individual user account in its entirety.
Get-ADUser -identity username -properties *
So the property names we are interested in are: PasswordLastSet and PasswordNeverExpires. So we can run the command specifying these properties only and output the results in a table.
Type: get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
To make things easier to find in a big environment you may want to sort the list by name.
Type: get-aduser -filter * -properties passwordlastset, passwordneverexpires | sort name | ft Name, passwordlastset, Passwordneverexpires
Type: Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\temp\user-password-info-20131119.csv
Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx
Where cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx
Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx
Select-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176955.aspx
Export-csv cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176825.aspx
This is one of my most popular posts, so if you found it useful please share with your colleagues, like or leave a comment. Thanks, Carl.