Avatar of grizrules
grizrules
 asked on

Trying to find out when a domain user(s) password expire with powershell

First, I'm a beginner at using powershell.  I only know what I read and can do simple commands by cut and paste.

I'm trying to find out  when all my users passwords  in Active Directory will expire so I can let them know before hand as they sometimes don't pay attention to the warning.

I know I can use the
net user username /domain command, but that is for a single user.  I'd like to get a list of all users expiring passwords.

So far I have not found anything useful on the web.   Most of it is outdated.

I found this command, but its for ACCOUNTS expiring:

Search-ADAccount -AccountExpiring -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A

This other command was the one I thought would work but apparently it doesn't work
Search-ADAccount -PasswordExpiring -DateTime 10/15/2009 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

The reason it doesn't work is because, The PasswordExpiring option doesn't exist for the Search-ADAccount cmdlet on 2008 R2

Note I'm using Windows 2012 R2

Can someone assist with a nice command.  Does one exist?

Thank you
Active DirectoryPowershell

Avatar of undefined
Last Comment
grizrules

8/22/2022 - Mon
footech

Pretty sure -PasswordExpiring isn't a parameter in any version of Search-ADAccount.

Rather than inventing a script from scratch, here's a good function for single user.
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
It could be reworked to show all users.  It's likely that someone has already posted something for this in the MS Technet Script Gallery.  See here.
ASKER CERTIFIED SOLUTION
Will Szymkowski

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
grizrules

ASKER
Will if I'm already using the Active Directory Module for Windows Powershell is the Import-module activedirectory required?
Will Szymkowski

Will if I'm already using the Active Directory Module for Windows Powershell is the Import-module activedirectory required?

If you are already using it then no it is not required in the script. In Powershell v3 and up it will ignore the command if it is already imported into the Powershell session.

In eariler versions of Powershell v1/v2 it will provide an error message stating that it is already imported, however,  this is just an astetics thing as it does not stop or prevent the script from running. So it is a personal preference. I typically leave it because it is now ignored in newer versions of powershell and if i run a script in a new session where i do not have the module imported then it does it automatically for me.

Will.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
grizrules

ASKER
Worked beautifully, exactly what I was looking for.

Thanks!
grizrules

ASKER
Great info, good response time.