Random, erratic, no responsibility is taken for the correctness of this information
Short PowerShell sample to calculate the expiration date of a users password. The script evaluates the domain password policy as well als fine grained password policy (if any) and the user account control flag password never expires.
function Show-PasswordExpirationDate { param( [string]$SamAccountName ) $user = Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet,PasswordNeverExpires $MaxPWAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge $MaxPWAgeFGPP = (Get-ADUserResultantPasswordPolicy -Identity $SamAccountName).MaxPasswordAge if($MaxPWAgeFGPP){ $FGPPActive = $true } else{ $FGPPActive = $false } try { $pwlastSet = Get-Date ($user).PasswordLastSet if($user.PasswordNeverExpires){ $ExpirationDate = "Password Never Expires" } else{ if($MaxPWAgeFGPP){ $ExpirationDate = $pwlastSet + $MaxPWAgeFGPP } else{ $ExpirationDate = $pwlastSet + $MaxPWAge } } } catch { $pwlastSet = "never" } $objResult = New-Object System.Object | Select-Object -Property SamAccountName,PWExpires,FGP_Present $objResult.SamAccountNAme = $SamAccountName $objResult.PWExpires = $ExpirationDate $objResult.FGPPPresent = $FGPPActive $objResult } get-aduser -filter * | ForEach-Object { Show-PasswordExpirationDate -SamAccountName $_.SamAccountName }