PowerShell: Get-ADUser to retrieve password last set and expiry information
I’ve written about Get-ADUser before here and here where we used it to create a list of all users and display their homedrive, homedirectory and scriptpath properties.
In this post we’ll look retrieving password information to find out when a user last changed their password and if it is set to never expire.
As a quick recap, to view the available options with Get-ADUser type.
help Get-ADUser
Next we want to find out what the name of the properties of a user account we want to look at are called. So we will take a look at an individual user account in its entirety.
Get-ADUser -identity username -properties *
So the property names we are interested in are: PasswordLastSet and PasswordNeverExpires. So we can run the command specifying these properties only and output the results in a table.
Type: get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
So we can now see when a user last changed their password and if it is set to never expire.
To make things easier to find in a big environment you may want to sort the list by name.
Type: get-aduser -filter * -properties passwordlastset, passwordneverexpires | sort name | ft Name, passwordlastset, Passwordneverexpires
And finally, lets export the list to CSV so we can work on it in Excel. In this example we substitute, format table (ft) for select-object.
Type: Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\temp\user-password-info-20131119.csv
Below are some links to invaluable Microsoft Technet references.
Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx
Where cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx
Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx
Select-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176955.aspx
Export-csv cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176825.aspx
Related Posts:
1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1
2. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2
3. PowerShell: Get-ADUser to retrieve disabled user accounts
5. PowerShell: How to add all users in an OU to a Security Group using Get-ADUser and Add-ADGroupMember