In this post we’ll look retrieving password information to find out when a user last changed their password and if it is set to never expire.
help Get-ADUser
Next we want to find out what the name of the properties of a user account we want to look at are called. So we will take a look at an individual user account in its entirety.
Get-ADUser -identity username -properties *
So the property names we are interested in are: PasswordLastSet andPasswordNeverExpires. So we can run the command specifying these properties only and output the results in a table.
Type: get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires
So we can now see when a user last changed their password and if it is set to never expire.
To make things easier to find in a big environment you may want to sort the list by name.
Type: get-aduser -filter * -properties passwordlastset, passwordneverexpires | sort name | ft Name, passwordlastset, Passwordneverexpires
And finally, lets export the list to CSV so we can work on it in Excel. In this example we substitute, format table (ft) for select-object.
Type: Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\temp\user-password-info.csv