Active Directory: Password Expiry date Report for all accounts


I had a requirement to generate password expiry date report for all accounts to validate a password policy change. Here is what I came up with (who know someone have same need for this report).

Important point is the calculated property msDS-UserPasswordExpiryTimeComputed. Which is in Long Date format.

It will create an CSV file on the same directory on where the script runs.

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False}  –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed"
 | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} `
 | Export-Csv -path .\Password-Expiry-Report.csv -NoTypeInformation

Here is the same report:

“Displayname”,”ExpiryDate”
“Tim Dangthatsme”,”8/23/2019 9:23:10 AM”
“Don Anonymous”,”7/31/2014 3:17:20 AM”
“Robert Dome”,”12/17/2019 8:14:17 AM”
“Introvert Hopkins”,”9/6/2019 10:57:07 AM”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s