Lerch Web Wiki

Random, erratic, no responsibility is taken for the correctness of this information

User Tools

Site Tools


powershell:ad:pwexpiration

Show Password Expiration Date

Short PowerShell sample to calculate the expiration date of a users password. The script evaluates the domain password policy as well als fine grained password policy (if any) and the user account control flag password never expires.

Show-PasswordExpirationDate.ps1
function Show-PasswordExpirationDate {
    param(
        [string]$SamAccountName
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet,PasswordNeverExpires
    $MaxPWAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    $MaxPWAgeFGPP = (Get-ADUserResultantPasswordPolicy -Identity $SamAccountName).MaxPasswordAge 
    if($MaxPWAgeFGPP){
        $FGPPActive = $true
    }
    else{
        $FGPPActive = $false
    }
    try { 
        $pwlastSet = Get-Date ($user).PasswordLastSet
        if($user.PasswordNeverExpires){
            $ExpirationDate = "Password Never Expires"
        }
        else{
            if($MaxPWAgeFGPP){
                $ExpirationDate = $pwlastSet + $MaxPWAgeFGPP
            }
            else{
                $ExpirationDate = $pwlastSet + $MaxPWAge
            }
        }
    }
    catch {
        $pwlastSet = "never"
    }
    $objResult = New-Object System.Object | Select-Object -Property SamAccountName,PWExpires,FGP_Present
    $objResult.SamAccountNAme = $SamAccountName
    $objResult.PWExpires = $ExpirationDate
    $objResult.FGPPPresent = $FGPPActive
    $objResult 
}
get-aduser -filter * | ForEach-Object { Show-PasswordExpirationDate -SamAccountName $_.SamAccountName } 
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
powershell/ad/pwexpiration.txt · Last modified: 2017/02/27 09:18 by marcus