Using the dsquery command and pwdLastSet attribute for the user, we can get user last password change in an Active Directory.
pwdLastSet attribute stores the last password changed information. It stores the last password changed date-time in a large integer value and not in a human-readable format.
In this tutorial, we will discuss how to use a general version of the dsquery command to check user last password change in an active directory.
Using the w32tm.exe command-line tool, we will convert the pwdLastSet attribute value to the date-time value in a human-readable format.
Dsquery user last password change
Using the general version of the dsquery command, we can get the user password’s last set date-time.
pwdLastSet attribute stores the information about when was the last password set by the user.
dsquery * -filter "samaccountname=toms" -attr displayName pwdLastSet
The output of the above command gets the user’s last password set in the active directory.
In the above output window, it can be seen that the pwdLastSet attribute stores a large integer value for user password change date-time.
Using the w32tm.exe /ntte, it converts pwdLastSet DateTime to date-time in a human-readable format.
Cool Tip: How to use the get list of all users in domain and OU using dsquery!
I hope the above article on how to check user last password change in the active directory using the dsquery command is helpful to you.
Get-AdUser cmdlet in PowerShell is also used to get the active directory user information. Using the Get-AdUser pwdLastSet attribute, it can retrieve the user password last set DateTime.