In this guide, I’ll show you how to get the password expiration date for Active Directory User Accounts. This is very easy to do.
I will provide a few examples that go over how to get this information for a single user and how to get the expiration date for all AD users.
PowerShell Get All Users Password Expiration Date
Step 1. Open PowerShell
Step 2. Copy and paste the script below.
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Step 3. Export the list.
To export the list add this to the end of the command.
export-csv -path c:\temp\passwordexpiration.csvEasily Check Password Expiration Date with AD Pro Toolkit
The AD Pro Toolkit includes multiple Active Directory Tools to manage user and computers. With the toolkit you can easily get users password expiration date and other account information.
On the user management page search and select a user account. The password expiration date and other user information will be displayed in the “User Details” box.
To get the password expiration date for all users follow these steps:
Step 1: Click on Password Reports > Password expiration date and click Run. Click browse to select an OU or group.
Step 2. To export the list, click the export button.
How to Check Password Expiration Date for a Single User
To get the password expiration date for a specific user run this command.
In this example, I’m checking the date for user “robert.allen”.
Get-ADUser -identity robert.allen –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Get Password Expiration Date for Users in an Organizational Unit
To get only users in an OU you will need to use the -SearchBase option and the distinguishedName of the OU.
In this example, I’ll get all users from my Management OU.
Get-ADUser -filter * -SearchBase "OU=Management,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Get Passwords Expiring in the Next 30 Days
With the AD Pro Toolkit, you can choose a time frame for when passwords will be expiring.
Enter a number in the box, it defaults to passwords expiring in the next 30 days.
Now you will see a list of users that that has a password expiring in the next 30 days.
Password Expiration Email Notification
To get an automated email report of password expiration dates use the built in task scheduler.
Click on Scheduler and then click Add to create an automated report.
Download AD Pro Toolkit and try the password expiration date reports.
The toolkit’s Active Directory Reporting Software includes over 200 built-in reports on users, computers, groups, and more.
Using the Net User command to Display Password expiresDate
This last method uses the built in net user command to display a users password expiration date. This is useful to quickly check the password expires date for a single domain user account.
Open the windows command prompt and type the command below.
Net user USERNAME /domain
In this example, I’ll use the account robert.allen.
In addition to displaying the password expires date it also provides other useful information such as password last set, when the password can be changed if the account is active, and so on.
I’ve worked as a System Administrator for years and I’ve never had the need to create a report on users password expiration date. With that said this article is one of the most popular tutorials on my website, so I guess there is a need for it. You should have no problem generating a password expiration date for all domain user accounts using one of the methods from this article.
I’d love to hear your feedback on the use case for this report. Do your computers not notify users the password will expire in x days?