
PowerShell – List AD Users Password Expiry Dates
The PowerShell script below will list you Display Name and Password Expiry Date of all AD users.
1 |
Get-ADUser -filter {(Enabled -eq $True) -and (PasswordNeverExpires -eq $False)} -Properties DisplayName, msDS-UserPasswordExpiryTimeComputed | Where-Object {$_.DisplayName -ne $null} | Select DisplayName,@{Name="ExpiryDate";Expression={([datetime]::fromfiletime($_."msDS-UserPasswordExpiryTimeComputed"))}} |
It uses the msDS-UserPasswordExpiryTimeComputed attribute, be aware of that attribute is not exists on AD LDS.
It is implemented on Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, and Windows Server 2012 R2 operating system.
1 2 3 4 5 6 7 8 9 10 11 12 |
cn: ms-DS-User-Password-Expiry-Time-Computed ldapDisplayName: msDS-UserPasswordExpiryTimeComputed attributeId: 1.2.840.113556.1.4.1996 attributeSyntax: 2.5.5.16 omSyntax: 65 isSingleValued: TRUE schemaIdGuid: add5cf10-7b09-4449-9ae6-2534148f8a72 systemOnly: FALSE searchFlags: 0 attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529 systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED schemaFlagsEx: FLAG_ATTR_IS_CRITICAL |
Thanks, it has been very helpful