Using Get-ADUser Cmdlet
Use the Get-ADUser cmdlet to get the password expiration date for one specific user in an Active Directory.
```powershell
Get-ADUser -Identity Administrator -Properties "SamAccountName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "SamAccountName",
        @{Name="PasswordExpiryDate";Expression={[DateTime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
```

```
SamAccountName PasswordExpiryDate
-------------- ------------------
Administrator  8/27/2023 4:35:46 PM
```
The Get-ADUser cmdlet gets one or more users from Active Directory. We used it with the -Identity parameter to get only the Administrator user, along with the SamAccountName and msDS-UserPasswordExpiryTimeComputed properties, which we requested using the -Properties parameter.
We piped the details (retrieved from the Get-ADUser cmdlet) to the Select-Object cmdlet to select the values of the SamAccountName and PasswordExpiryDate properties. Where did the PasswordExpiryDate property come from when we retrieved msDS-UserPasswordExpiryTimeComputed using Get-ADUser?
We used a hashtable to define a calculated (custom) property whose name is PasswordExpiryDate and whose value is computed from the msDS-UserPasswordExpiryTimeComputed property.
While creating a calculated property, the expression computed the value of the PasswordExpiryDate property. It used the FromFileTime() method of the DateTime class to convert the msDS-UserPasswordExpiryTimeComputed to a DateTime object.
The reason for doing so was to make the output easier to understand, because the raw attribute value is a large integer (a Windows file time). In the hashtable, the semicolon separates the Name and Expression entries. If you don’t want to use it, put Name and Expression on separate lines instead.
Use the Get-ADUser cmdlet to get the password expiration date for all users in an Active Directory.
```powershell
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "SamAccountName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "SamAccountName",
        @{Name="PasswordExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
```

```
SamAccountName PasswordExpiryDate
-------------- ------------------
Administrator  8/27/2023 4:35:46 PM
```
This example resembles the previous one, but it gets the expiration date for all users in Active Directory that match the specified conditions. Here, we used the -Filter parameter to select only those users whose Enabled and PasswordNeverExpires properties were equal to $True and $False, respectively. We used -eq to test for equality, while -and is the logical AND operator, which makes the conditional expression true only if both conditions are true.
In our case, the conditions were only met for the Administrator user, so we got its password expiry date.
Use the following script if you want to export the sorted output to a CSV file.
```powershell
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "SamAccountName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "SamAccountName",
        @{Name="PasswordExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
    Sort-Object "PasswordExpiryDate" |
    Out-File C:\PasswordExpiryDates.csv
```

```
SamAccountName PasswordExpiryDate
-------------- ------------------
Administrator  8/27/2023 4:35:46 PM
```
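This code snippet is the same as the previous one with two additional cmdlets. We used the Sort-Object cmdlet to sort the received input by PasswordExpiryDate and piped it to the Out-File cmdlet, which wrote it to the specified file; in our case, it was PasswordExpiryDates.csv. Note that Out-File writes the text as it would appear in the console, so the file holds the formatted table rather than comma-separated values; pipe to Export-Csv instead if you need real CSV.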
Sort-Object sorts in ascending order by default. Use the -Descending parameter to sort in descending order.
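The following is an added example, not code from the original article. It goes beyond the snippets above by handling the two special values that msDS-UserPasswordExpiryTimeComputed can hold instead of a date: 0x7FFFFFFFFFFFFFFF when the password never expires, and 0 when pwdLastSet is empty. ConvertTo-PasswordExpiry is a hypothetical helper name, and the sample objects are constructed so the block runs without a domain.

```powershell
# Added example, not part of the original article.
# ConvertTo-PasswordExpiry is a hypothetical helper name, not a built-in cmdlet.
function ConvertTo-PasswordExpiry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [datetime]$Now = (Get-Date)
    )
    process {
        $raw    = [int64]$User.'msDS-UserPasswordExpiryTimeComputed'
        $expiry = $null
        if ($raw -eq [int64]::MaxValue) {
            # 0x7FFFFFFFFFFFFFFF: the password never expires; FromFileTime() throws on it.
            $status = 'Never'
        }
        elseif ($raw -le 0) {
            # 0 (or missing): pwdLastSet is 0 or unset, for example
            # "User must change password at next logon", so no date can be computed.
            $status = 'NoPasswordSetDate'
        }
        else {
            $expiry = [datetime]::FromFileTime($raw)
            $status = if ($expiry -lt $Now) { 'Expired' } else { 'Valid' }
        }
        [pscustomobject]@{
            SamAccountName     = $User.SamAccountName
            PasswordExpiryDate = $expiry
            Status             = $status
            DaysLeft           = if ($null -ne $expiry) { [math]::Floor(($expiry - $Now).TotalDays) } else { $null }
        }
    }
}

# Constructed sample input standing in for Get-ADUser output; new.hire is a made-up account.
$attr   = 'msDS-UserPasswordExpiryTimeComputed'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'Administrator'; $attr = ([datetime]'2023-08-27 16:35:46').ToFileTime() }
    [pscustomobject]@{ SamAccountName = 'john.powell';   $attr = [int64]::MaxValue }
    [pscustomobject]@{ SamAccountName = 'new.hire';      $attr = 0 }
)
$sample | ConvertTo-PasswordExpiry -Now ([datetime]'2023-08-01') | Sort-Object Status, PasswordExpiryDate

# Against a live domain (needs the ActiveDirectory module), writing real CSV:
# Get-ADUser -Filter 'Enabled -eq $true' -Properties $attr | ConvertTo-PasswordExpiry |
#     Export-Csv -Path .\PasswordExpiry.csv -NoTypeInformation
```

Because the filter in the commented live query no longer excludes PasswordNeverExpires accounts, the report also surfaces enabled accounts whose passwords never expire, which is usually worth reviewing.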
Using net user Command
Use the net user command to get the password expiration date in Active Directory. Usually, this command is used when you quickly want to retrieve the password expiry date for one particular user.

```powershell
net user Administrator /domain | find "Password expires"
```

```
Password expires 8/27/2023 4:35:46 PM
```
Let’s take another example below.
```powershell
net user john.powell /domain | find "Password expires"
```

```
Password expires Never
```
Do not forget to replace Administrator and john.powell with your own username.
That’s all about getting the password expiration date in PowerShell.