Home » PowerShell » Get-AdUser PwdLastSet – Get Aduser last password change

Get-AdUser PwdLastSet – Get Aduser last password change

PwdLastSet attribute stores information about the last password change. In the active directory, you can check the last password change in Active Directory for the user account using the attribute called PwdLastSet.

The Get-AdUser PwdLastSet attribute stores the DateTime when the user password last time changed. If the value of Get-AdUser PwdLastSet is 0, the user has never logged on to the system. PwdLastSet attribute stores the user password last changed DateTime value in large integer format and is not human readable.

Get-AdUser PwdLastSet - Password last changes
Get-AdUser PwdLastSet – Password last changes

In this article, I will explain how to use the Get-AdUser PwdLastSet attribute to get a list of users who have never logged on or get a list of aduser last passwords to change DateTime using PowerShell.

Get-AdUser PwdLastSet to get user password DateTime

If you want to get active directory user last set password date timestamp, run the below command

Get-ADUser -Identity Toms -properties PwdLastSet,PasswordLastSet  | sort Name | ft Name,PwdLastSet,PasswordLastSet

In the above PowerShell script, Get-AdUser cmdlet gets active directory user object specified by samaccountname and selects properties PwdLastSet and PasswordLastSet of user object and pass output to the second command.

Second command select Name and print it Name, PwdLastSet, and PasswordLastSet on console as below

Name              PwdLastSet PasswordLastSet
----              ---------- ---------------
Tom Smith 132721241372821181 7/30/2021 1:08:57 PM

As seen in the above output, the Get-AdUser PwdLastSet date format is a large integer. PasswordLastSet attribute contains the calculated value of the PwdLastSet attribute in date-time format.

We can use the expression for get-aduser pwdlastset convert to date format as below

@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}}

Final PowerShell script to convert pwdlastset attribute value from number format to DateTime format as below

Get-ADUser -Identity Toms -properties PwdLastSet,PasswordLastSet  | sort Name | ft Name,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}},PasswordLastSet

The output of the above command after pwdlastset converts to date timestamp format as below

Name      PwdLastSet           PasswordLastSet
----      ----------           ---------------
Tom Smith 7/30/2021 1:08:57 PM 7/30/2021 1:08:57 PM

In the above output, it gets aduser last password change date using the PasswordLastSet property.

Tip: Use the Get-ADUser PasswordLastSet attribute if you want to query ad users for password last changed DateTime because of its DateTime format.

Cool Tip: How to find adusers password expiration date in PowerShell!

Convert pwdlastset to date using PowerShell

The pwdlastset attribute of the active directory user stores the last password change. This timestamp is the number of 100-nanoseconds intervals since Jan 1, 1601, UTC.

pwdlastset attribute stores timestamp in System.Int64 data type format.

To convert pwdlastset to DateTime using PowerShell, use the below steps

  • Use the DateTime class and call its FromFileTime method using the scope resolution operator ::
  • FromFileTime method takes active directory user pwdlastset attribute as an input parameter.
  • Expression evaluates the [DateTime]::FromFileTime($_.PwdLastSet) into a human-readable format and converts pwdlastset to date in PowerShell.

The pwdlastset convert to date example is given below:

Get-ADUser -Identity Toms -properties PwdLastSet,PasswordLastSet  | sort Name | ft Name,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}},PasswordLastSet

The output of the above in PowerShell converts pwdlastset to DateTime in human-readable format for pwdlastset value of 132975302840000000 is :

Name      PwdLastSet           PasswordLastSet
----      ----------           ---------------
Tom Smith 5/20/2022 2:24:44 PM 5/22/2022 2:24:44 PM

Get-AdUser PwdLastSet – Get Users from Specific OU

If you want to get list of adusers password last time changed in specific OU using the Get-AdUser PwdLastSet filter parameter as below

Get-ADUser -SearchBase "OU=SALES,DC=SHELLPRO,DC=LOCAL" -Filter * -Properties Name,PwdLastSet,PasswordLastSet |  sort Name | ft Name,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}},PasswordLastSet

In the above PowerShell script, the Get-AdUser cmdlet get list of aduser from specific OU using the SearchBase parameter and passes the output to the second command.

Second command sort users list by name and print Name, PwdLastSet, and PasswordLastSet properties on the console as below

Name       PwdLastSet           PasswordLastSet
----       ----------           ---------------
Chris Dore 8/1/2021 3:36:53 PM  8/1/2021 3:36:53 PM
Tom Smith  7/30/2021 1:08:57 PM 7/30/2021 1:08:57 PM
Dev                    0

In the above output,

The first two records display PwdLastSet in date format as we have used expression to convert large integers to DateTime format.

However, the last record for aduser Dev has PwdLastSet 0 value, which means that the user has never logged on, hence the PwdLastSet value is 0.

It also displays the aduser’s last password change date.

Conclusion

I hope the above article about the Get-AdUser PwdLastSet attribute helps you to understand when was the last DateTime user password changed.

PwdLastSet attribute contains System.Int64 integer value and needs to convert into DateTime for human-readable format. Read more to export ad user to csv file in PowerShell.

PasswordLastSet attribute displays the active directory user last password change date.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Leave a Comment