Trying to find out when a domain user(s) password expire with powershell

First, I'm a beginner at using powershell.  I only know what I read and can do simple commands by cut and paste.

I'm trying to find out  when all my users passwords  in Active Directory will expire so I can let them know before hand as they sometimes don't pay attention to the warning.

I know I can use the
net user username /domain command, but that is for a single user.  I'd like to get a list of all users expiring passwords.

So far I have not found anything useful on the web.   Most of it is outdated.

I found this command, but its for ACCOUNTS expiring:

Search-ADAccount -AccountExpiring -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A

This other command was the one I thought would work but apparently it doesn't work
Search-ADAccount -PasswordExpiring -DateTime 10/15/2009 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

The reason it doesn't work is because, The PasswordExpiring option doesn't exist for the Search-ADAccount cmdlet on 2008 R2

Note I'm using Windows 2012 R2

Can someone assist with a nice command.  Does one exist?

Thank you
grizrulesAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

footechCommented:
Pretty sure -PasswordExpiring isn't a parameter in any version of Search-ADAccount.

Rather than inventing a script from scratch, here's a good function for single user.
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
It could be reworked to show all users.  It's likely that someone has already posted something for this in the MS Technet Script Gallery.  See here.
Will SzymkowskiSenior Solution ArchitectCommented:
The easiest way to accomplish this is using the command below...
Import-module activedirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{n="Expiry Date";e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

Open in new window


Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
grizrulesAuthor Commented:
Will if I'm already using the Active Directory Module for Windows Powershell is the Import-module activedirectory required?
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Will SzymkowskiSenior Solution ArchitectCommented:
Will if I'm already using the Active Directory Module for Windows Powershell is the Import-module activedirectory required?

If you are already using it then no it is not required in the script. In Powershell v3 and up it will ignore the command if it is already imported into the Powershell session.

In eariler versions of Powershell v1/v2 it will provide an error message stating that it is already imported, however,  this is just an astetics thing as it does not stop or prevent the script from running. So it is a personal preference. I typically leave it because it is now ignored in newer versions of powershell and if i run a script in a new session where i do not have the module imported then it does it automatically for me.

Will.
grizrulesAuthor Commented:
Worked beautifully, exactly what I was looking for.

Thanks!
grizrulesAuthor Commented:
Great info, good response time.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.