Get List of Users AD Password Expiration with Powershell

Just a couple good Powershell scripts for getting AD user password expirations.

List all users password expiration date (one-liner)

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "mail", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname","mail",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Out-GridView -Title "Users Password Expirations"

You can change the Out-GridView cmdlet at the end to export-csv or format-table if you want output to cmd.

Export all users expiring in next 7 days

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "mail", "msDS-UserPasswordExpiryTimeComputed" | where { 
$diff = New-TimeSpan ([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")) (Get-Date)
$diff.Days -le 7 -and $diff.Days -ge 0
} | select "DisplayName","mail",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Export-csv -Path c:\temp\user_pass_expiring.csv

You can change the export path at the end or the number of days by setting $diff.Days -le #

Source: TechNet Blog

comments powered by Disqus