Mandar Jogalekar

Reputation: 3281

Get Azure Active Directory password expiry date in PowerShell

I am working with Azure Active Directory and want to know when a user's password expires.

Currently I use these PowerShell commands to connect to the MSOL service successfully and get password expiry, but I'm not quite sure how to get the password expiry date.

I am using the Azure Active Directory PowerShell module.

Connect-MsolService
Get-MsolUser -UserPrincipalName 'Username' | Select PasswordNeverExpires

Upvotes: 8

Views: 43871

Answers (3)

TheRoadrunner

Reputation: 1499

Using Get-ADUser, I find this to be a simpler approach:

az login -u [email protected]
$identity="someuser"
Get-ADUser -identity $identity -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
    Select-Object -ExpandProperty ExpiryDate -OutVariable expiryDate

Upvotes: 0

user11383655

Reputation:

What Mathias R. Jessen said was correct.

But you may get inaccurate data in some cases, such as when a tenant has multiple domains (each domain can have a different password policy), when 'Password never expires' is set for individual users, and when 'password never expires' is set through the password policy.

The code below will help you to get the correct result.

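# Map each domain name to the validity period (in days) of its password policy
$PwdPolicy=@{}
$Domains=Get-MsolDomain   #-Status Verified
foreach($Domain in $Domains)
{
  # Pass the domain name, not the domain object, to -DomainName
  $PwdValidity=(Get-MsolPasswordPolicy -DomainName $Domain.Name).ValidityPeriod
  $PwdPolicy.Add($Domain.Name,$PwdValidity)
}
Get-MsolUser -All | foreach{
 $UPN=$_.UserPrincipalName
 $PwdLastChange=$_.LastPasswordChangeTimestamp
 # The domain is the part of the UPN after the last "@"
 $UserDomain= $UPN -Split "@" | Select-Object -Last 1
 # Look up the validity period that applies to this user's domain
 $PwdValidityPeriod=$PwdPolicy[$UserDomain]
}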

You can download the script from Microsoft's TechNet Gallery: https://gallery.technet.microsoft.com/Export-Office-365-Users-91b4fc50

Upvotes: 1

Mathias R. Jessen

Reputation: 175085

You're looking for the LastPasswordChangeTimestamp attribute:

Get-MsolUser -UserPrincipalName 'Username' |Select LastPasswordChangeTimestamp

This only tells you when the password was last changed, not when it will expire, so grab the password validity from the Password Policy as well:

$PasswordPolicy = Get-MsolPasswordPolicy
$UserPrincipal  = Get-MsolUser -UserPrincipalName 'Username'

$PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)

$PasswordExpirationDate should now have the timestamp for when the password expires.

Upvotes: 4
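The expiry calculation from the answers above, combined into one function, as an added example that is not part of any answer: it applies the per-domain validity period, honours the per-user PasswordNeverExpires flag, and avoids an AddDays overflow when a policy's validity period is extremely large. The function name Get-PasswordExpiry, the sample users and the .example domains are constructed; in a live tenant the inputs would come from Get-MsolUser and Get-MsolPasswordPolicy.

```powershell
# Added example, not code from the answers. The constructed objects at the
# bottom stand in for Get-MsolUser / Get-MsolPasswordPolicy output.
function Get-PasswordExpiry {
    param(
        [Parameter(Mandatory)] $User,                         # user object
        [Parameter(Mandatory)] [hashtable] $ValidityByDomain  # domain -> days
    )
    $domain = ($User.UserPrincipalName -split '@')[-1]
    $last   = $User.LastPasswordChangeTimestamp
    $expiry = $null
    if ($User.PasswordNeverExpires) {
        $reason = 'PasswordNeverExpires is set on the user'
    }
    elseif ($null -eq $last -or $null -eq $ValidityByDomain[$domain]) {
        $reason = "Missing timestamp or no validity period known for $domain"
    }
    else {
        $days = [double]$ValidityByDomain[$domain]
        # AddDays throws if the result passes DateTime.MaxValue, so a very
        # large validity period is reported as non-expiring instead.
        if ($days -gt ([datetime]::MaxValue - $last).TotalDays) {
            $reason = "Validity period on $domain is too large to ever expire"
        }
        else {
            $expiry = $last.AddDays($days)
            $reason = "Policy of $days days on $domain"
        }
    }
    [pscustomobject]@{
        UserPrincipalName = $User.UserPrincipalName
        ExpiryDate        = $expiry
        Reason            = $reason
    }
}

# Constructed sample data (assumed shapes; domains and dates are made up).
$policies = @{ 'contoso.example' = 90; 'fabrikam.example' = 2147483647 }
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
        LastPasswordChangeTimestamp = [datetime]'2024-01-10'; PasswordNeverExpires = $false }
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@contoso.example'
        LastPasswordChangeTimestamp = [datetime]'2021-06-01'; PasswordNeverExpires = $true }
    [pscustomobject]@{ UserPrincipalName = 'bob@fabrikam.example'
        LastPasswordChangeTimestamp = [datetime]'2023-11-05'; PasswordNeverExpires = $false }
)
$users | ForEach-Object { Get-PasswordExpiry -User $_ -ValidityByDomain $policies }
```

Rows with an empty ExpiryDate are the accounts worth reviewing, since their passwords are never rotated by policy.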
