Link to home
Start Free TrialLog in
Avatar of grizrules

asked on

Trying to find out when a domain user(s) password expire with powershell

First, I'm a beginner at using powershell.  I only know what I read and can do simple commands by cut and paste.

I'm trying to find out  when all my users passwords  in Active Directory will expire so I can let them know before hand as they sometimes don't pay attention to the warning.

I know I can use the
net user username /domain command, but that is for a single user.  I'd like to get a list of all users expiring passwords.

So far I have not found anything useful on the web.   Most of it is outdated.

I found this command, but its for ACCOUNTS expiring:

Search-ADAccount -AccountExpiring -TimeSpan 90.00:00:00 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A

This other command was the one I thought would work but apparently it doesn't work
Search-ADAccount -PasswordExpiring -DateTime 10/15/2009 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A

The reason it doesn't work is because, The PasswordExpiring option doesn't exist for the Search-ADAccount cmdlet on 2008 R2

Note I'm using Windows 2012 R2

Can someone assist with a nice command.  Does one exist?

Thank you
Avatar of footech
Flag of United States of America image

Pretty sure -PasswordExpiring isn't a parameter in any version of Search-ADAccount.

Rather than inventing a script from scratch, here's a good function for single user.
It could be reworked to show all users.  It's likely that someone has already posted something for this in the MS Technet Script Gallery.  See here.
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of grizrules


Will if I'm already using the Active Directory Module for Windows Powershell is the Import-module activedirectory required?
Will if I'm already using the Active Directory Module for Windows Powershell is the Import-module activedirectory required?

If you are already using it then no it is not required in the script. In Powershell v3 and up it will ignore the command if it is already imported into the Powershell session.

In eariler versions of Powershell v1/v2 it will provide an error message stating that it is already imported, however,  this is just an astetics thing as it does not stop or prevent the script from running. So it is a personal preference. I typically leave it because it is now ignored in newer versions of powershell and if i run a script in a new session where i do not have the module imported then it does it automatically for me.

Worked beautifully, exactly what I was looking for.

Great info, good response time.