Powershell Tip #38: Find the user password expiration date

By | September 8, 2015

Tip: You can check the expiration date of a user’s password by using msDS-UserPasswordExpiryTimeComputed attribute.


  • It is a constructed attribute (it is not a “real” attribute but calculated when being queried)
  • Automatically calculates the expiration password date and also taking in consideration Fine Grained Password Policies (FGPP)
  • Simplify your code (no need to manually calculate so your code is easier to write and also faster)


Note 1: When using “net user samAccountName /domain“, the value returned by “Password expires” doesn’t take in consideration the fine grained policies (net user samAccountName /domain is not reliable, you should rather use msDS-UserPasswordExpiryTimeComputed to get the correct and exact password expiration date).

Note 2: Get-ADUser is a cmdlet from the activediretory module.

Note 3 : To list all the Active Directory constructed attributes :


Leave a Reply

Your email address will not be published.