Getting user password expiration from Fine group password policy in Windows 2008 R2

From another closed post I was given the following query to use in PowerShell:

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties Name, msDS-UserPasswordExpiryTimeComputed

Looking more closely at the output I realize that it's spitting out every user in the AD as having a password that's expired/expiring. What I was looking for was a PowerShell method to list all users who will have passwords expiring in the next 10 days based on the fine group password policy. Tools I'm using now are reporting the wrong users as they are only looking at the DC group policy.
iamuser Asked:

Will Szymkowski (Senior Solution Architect) Commented:
How are your FGPP defined? Are you using a security group that you reference with the users in it? We have to know this info in order to call the script and all of the users within the group or OU where you are assigning the FGPP.

Will.
iamuser (Author) Commented:
Yup, there is a security group. It is called 'passexp', all users are in this, the OU is 'regstaff'.
Will Szymkowski (Senior Solution Architect) Commented:
Try the following...
Import-module activedirectory
$Check = Get-ADGroupMember -Identity passexp
$Check | Get-ADUser -Properties Name, samaccountname, msDS-UserPasswordExpiryTimeComputed | 
select Name, samaccountname, @{n="expired";e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
Export-csv "c:\AccountExpireDates.csv" -nti



Will.

iamuser (Author) Commented:
I ran it and it gave me a list of 400 people with expiring passwords. I don't think that's correct, at least 2 users on that list recently changed their passwords and they shouldn't be showing up.
iamuser (Author) Commented:
I have this part here which I like

[datetime]::FromFileTime((Get-ADUser -Identity samaccountname -Properties "msDS-UserPasswordExpiryTimeComputed")."msDS-UserPasswordExpiryTimeComputed")

It outputs the date and time of when the password is going to expire for that particular person.

If I can get it to loop through all the users in the passexp group I'm set. So far nothing I've tried works.
Will Szymkowski (Senior Solution Architect) Commented:
I have modified the above script for a foreach loop.

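Import-module activedirectory
# Members of the security group that the FGPP is applied to
$Check  = Get-ADGroupMember -Identity passexp
# Collect one row per member and write the CSV once after the loop;
# exporting inside the loop would overwrite the file on every iteration
$Results = ForEach ($User in $Check) {
    Get-ADUser -Identity $User.sAMAccountName -Properties Name, samaccountname, msDS-UserPasswordExpiryTimeComputed |
    select Name, samaccountname, @{n="expired";e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
}
$Results | Export-csv "c:\AccountExpireDates.csv" -nti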



Will.

iamuser (Author) Commented:
thanks, it works
Will Szymkowski (Senior Solution Architect) Commented:
Perfect, glad that I could help!

Will.
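
An added example, not code from the thread or its participants: it narrows the group listing above to what the question asked for, accounts whose password expires within the next 10 days, and skips the two sentinel values of msDS-UserPasswordExpiryTimeComputed that are not real dates. The names Get-ExpiringPassword and New-SampleUser and the sample rows are constructed for illustration so the block runs without a domain.

```powershell
# Added example (hypothetical function names, constructed sample data)
function Get-ExpiringPassword {
    param(
        [Parameter(ValueFromPipeline = $true)] $User,
        [int] $Days = 10
    )
    begin {
        $now    = Get-Date
        $cutoff = $now.AddDays($Days)
    }
    process {
        $raw = [int64] $User.'msDS-UserPasswordExpiryTimeComputed'
        # 0              = password must be changed at next logon (pwdLastSet is 0)
        # Int64.MaxValue = password never expires; FromFileTime throws on it
        # Neither value is a real expiry date, so both are skipped.
        if ($raw -le 0 -or $raw -eq [int64]::MaxValue) { return }
        $expires = [datetime]::FromFileTime($raw)
        # Keep only accounts that are not yet expired but expire inside the window
        if ($expires -gt $now -and $expires -le $cutoff) {
            New-Object PSObject -Property @{
                Name           = $User.Name
                SamAccountName = $User.SamAccountName
                Expires        = $expires
                DaysLeft       = [int][math]::Floor(($expires - $now).TotalDays)
            }
        }
    }
}

# Constructed sample rows standing in for Get-ADUser output
function New-SampleUser($sam, [int64]$fileTime) {
    New-Object PSObject -Property @{ Name = $sam; SamAccountName = $sam; 'msDS-UserPasswordExpiryTimeComputed' = $fileTime }
}
$sample = @(
    (New-SampleUser 'alice' ((Get-Date).AddDays(3).ToFileTime())),   # inside the 10-day window
    (New-SampleUser 'bob'   ((Get-Date).AddDays(40).ToFileTime())),  # changed recently
    (New-SampleUser 'carol' ((Get-Date).AddDays(-2).ToFileTime())),  # already expired
    (New-SampleUser 'dave'  0),                                      # must change at next logon
    (New-SampleUser 'svc'   ([int64]::MaxValue))                     # never expires
)
$sample | Get-ExpiringPassword -Days 10 | Select-Object Name, SamAccountName, Expires, DaysLeft

# Live use against the thread's group (needs the ActiveDirectory module):
# Get-ADGroupMember -Identity passexp -Recursive | Where-Object { $_.objectClass -eq 'user' } |
#   Get-ADUser -Properties msDS-UserPasswordExpiryTimeComputed | Get-ExpiringPassword -Days 10
```

With the sample rows only alice is returned. The domain controller computes msDS-UserPasswordExpiryTimeComputed from the password policy that actually applies to each account, so a fine-grained policy assigned through the group is already reflected in the value.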