Find AD Users Last Password Change Date

by Robert Allen

In this guide, I’ll show you two options on how to get the last password change date for Active Directory users. This information is saved to the pwdLastSet attribute for each AD user account.

Let’s dive right in.

Option 1. Get Last Password Change Date with PowerShell

In this example, I’ll show you how to check the last password change date using PowerShell.

Step 1. Open PowerShell

Step 2. Copy and run the below command.

Change -identity to the username of the account you want to check.

Get-ADUser -identity robert.allen  -properties PwdLastSet  | sort Name | ft Name,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}}

Option 2. Easily Get Last Password Change Date with the AD Pro Toolkit

In this example, I’ll use the AD Pro Toolkit to get the password last set date for all user accounts.

The toolkit includes an Active Directory Reporting Tool that makes it easy to run password reports for all users or specific user accounts.

Step 1. Click on “Password Reports” then click on the “Password Recently Changed” report.

Step 2. Enter a time frame and click “Run”. It defaults to showing users who changed their password in the last 30 days.

Optionally, you can click “Browse” to select an OU or group; by default, the report runs for all users.

Automated Password Last Set Date Email Report

The AD Pro Toolkit includes a built-in scheduler so you can automate running a report on when users last changed their password. Click on Scheduler and then click the Add button to create a schedule. This report can be emailed daily, weekly or monthly.

How to Check Last Password Change in Active Directory

To check when a user last changed their password in Active Directory, follow these steps.

  1. Open Active Directory Users and Computers
  2. Open the account properties
  3. Select the Attribute Editor tab
  4. Scroll down to the pwdLastSet attribute

Get-ADUser PwdLastSet Details

The PwdLastSet attribute is stored as an Integer8 data type, meaning it’s not in a readable format.

The PowerShell expression below is used to convert the PwdLastSet value to a readable value.

@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}}

Here is a screenshot of the value of the PwdLastSet attribute before converting it.

Here is a screenshot after adding the expression to the PowerShell command.

The AD Pro Toolkit converts the pwdLastSet by default making it fast and easy to use.

Get Password Last Set Date for Users From Specific Organizational Unit (OU)

Use the -SearchBase option to specify an OU. The example below gets the password last set date for all users in my Accounting OU. Get-ADUser also needs -Filter (or -Identity) to run without prompting, so -Filter * is included to return every user in the OU.

Get-ADUser -Filter * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" -Properties PwdLastSet | sort Name | ft Name,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}}

With the AD Pro Toolkit just click browse and select one or multiple OUs.
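
The conversion from the PwdLastSet Details section can be turned into a stale-password report that also handles accounts whose pwdLastSet is 0. This is an added example, not code from the original article: the function name Get-PasswordAge, the 90-day threshold and the sample account names are assumptions, and the sample objects are constructed so it runs without a domain.

```powershell
# Added example: classify accounts by password age using the raw pwdLastSet value.
function Get-PasswordAge {
    param(
        [Parameter(ValueFromPipeline)] $User,   # any object with Name and pwdLastSet
        [int] $MaxAgeDays = 90                  # assumed threshold; use your own policy value
    )
    begin { $now = [DateTime]::UtcNow }
    process {
        $raw = [long]($User.pwdLastSet)
        if ($raw -le 0) {
            # 0 = password never set, or "User must change password at next logon".
            # FromFileTime(0) would display a misleading date in 1600/1601.
            $changed = $null; $age = $null; $status = 'MustChangeOrNeverSet'
        } else {
            # FromFileTimeUtc keeps the result in UTC; FromFileTime returns local time.
            $changed = [DateTime]::FromFileTimeUtc($raw)
            $age     = ($now - $changed).Days
            $status  = if ($age -gt $MaxAgeDays) { 'Stale' } else { 'OK' }
        }
        [pscustomobject]@{
            Name = $User.Name; PwdLastSetUtc = $changed; AgeDays = $age; Status = $status
        }
    }
}

# Constructed sample objects so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'sample.recent'; pwdLastSet = [DateTime]::UtcNow.AddDays(-10).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'sample.stale';  pwdLastSet = [DateTime]::UtcNow.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'sample.reset';  pwdLastSet = 0 }
)
$sample | Get-PasswordAge | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties pwdLastSet |
#     Get-PasswordAge -MaxAgeDays 90 | Where-Object Status -ne 'OK' |
#     Sort-Object AgeDays -Descending
```

Accounts reported as MustChangeOrNeverSet are worth reviewing separately from stale ones, since they have no usable change date at all.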

6 thoughts on “Find AD Users Last Password Change Date”

  1. Fiona_Sheh

    Can I use PowerShell to track the last password change date for users in Active Directory without using any third-party tools or software?

  2. Stefanos Gargalas

    If you want to find for one user, you can use the net user username /domain command. Nice article, Robert!

  3. Nate

    How do I get specific users if I'm searching the entire AD?

    • Robert Allen

      Use “get-ADUser -identity username” to get the password details for a specific user.

  4. Jesper

    Instead of the export-csv, you can just pipe the output to a text file by using ">path and filename"

    ex:
    Get-ADUser -filter * -properties PwdLastSet | sort Name | ft name,@{Name='PwdLastSet';Expression={[DateTime]::FromFileTime($_.PwdLastSet)}} >c:\temp\lastpwchg.cfg

    • Robert Allen

      Thanks for the example Jesper.
