Its very important as an administrators to get-aduser password expiration date and notify users about password expiration date to prevent account being locked out.
In this article, I will explain how to use PowerShell Get-AdUser cmdlet to get ad users password expiration date and export user password expiration details to csv file.
Active Directory Get-ADUser cmdlet has pwdlastset and passwordlastset attributes which provide information about password last set date.
Get-ADUser msDS-UserPasswordExpiryTimeComputed attribute contains expiry date for user account.
Get-AdUser Password Expiration Date
To find get adusers password expiration date using PowerShell, run below command
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, msDS-UserPasswordExpiryTimeComputed | Select-Object -Property Displayname,@{Name="Expiration Date";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
In the above PowerShell script, Get-ADUser get list of active directory users, it uses filter parameter to get only enabled users and password never expires set to false from active directory.
First command get aduser displayname and msDS-UserPasswordExpiryTimeComputed property to use for password expiration date.
Second command, Select DisplayName and convert msDS-UserPasswordExpiryTimeComputed attribute value from large integer data type to date time format and pass output to third command.
Third command display active directory display user name, adusers password expiration date on console as below
If you want to export adusers password expiration date, run below command
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties DisplayName, msDS-UserPasswordExpiryTimeComputed | `
Select-Object -Property Displayname,@{Name="Expiration Date";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | `
Sort-Object "Expiration Date" | Export-Csv -Path C:\adusers-password-expiration-date.csv -NoTypeInformation
In the above PowerShell script, it uses Export-Csv cmdlet to export adusers name and password expiration date. Refer article on PowerShell multiline command to beautify your PowerShell script code and make it more readable.
Conclusion
I hope above article on using PowerShell Get-ADUser cmdlet to get-aduser password expiration date helpful and educational. You can use above script to get your active directory users expiration date and export it to csv file.
Get-AdUser Enabled attribute check active directory enabled status , like user is active or disabled. Read more here if you want to get disabled users in active directory.
Get-Aduser msDS-UserPasswordExpiryTimeComputed attribute contains large integer datatype value of password expiration date which need to be convert to datetime before we use it.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.