Powershell Tip #38: Find the user password expiration date

By | September 8, 2015

Tip: You can check the expiration date of a user’s password by using msDS-UserPasswordExpiryTimeComputed attribute.

msDS-UserPasswordExpiryTimeComputed
https://msdn.microsoft.com/en-us/library/cc223410.aspx

  • It is a constructed attribute (it is not a “real” attribute but calculated when being queried)
  • Automatically calculates the expiration password date and also taking in consideration Fine Grained Password Policies (FGPP)
  • Simplify your code (no need to manually calculate so your code is easier to write and also faster)

pasword-expiration-date-function-active-directory-user

Note 1: When using “net user samAccountName /domain“, the value returned by “Password expires” doesn’t take in consideration the fine grained policies (net user samAccountName /domain is not reliable, you should rather use msDS-UserPasswordExpiryTimeComputed to get the correct and exact password expiration date).

Note 2: Get-ADUser is a cmdlet from the activediretory module.

Note 3 : To list all the Active Directory constructed attributes :


previous-buttonnext-button

Leave a Reply

Your email address will not be published. Required fields are marked *