when you’ll need to reset your password again ?
how it can be checked? lets find it out ..
well first of all, is there any policy on your domain that defines the password age ?
1 |
(Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days |
then ..if so..lets do some math.
we can check when the user set its password the last time and get it by date .
Get-ADUser $user -Properties pwdLastSet ($user is the Identity of the User)
but ..:) oops! look at the value we’ll get from it –
pwdLastSet : 130823615948858582
we said that we need it as date as far as i remember ,No ?
ok !@ so what we need to do is like the following command that combined both Date And Get-Aduser together –
1 |
get-date -Date (Get-ADUser $user -Properties pwdLastSet).pwdLastSet |
Now ,continue with the math ..
we got the Days till the password must be reset ,and we got the last date when the user reset its password.
so now we just need to Add the “pwdLastSet” + “MaxPasswordAge.Days”
lets wrap it up all together by assigning variable and combined all on the following script (function) will let you to know about any user in
the Entire Organization –
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
function PWDExpiration { Param($user = $env:USERNAME) try { $PWDLastSet = get-date -Date (Get-ADUser $user -Properties pwdLastSet).pwdLastSet $maxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days $sumPWDExpireDay = (Get-Date $PWDLastSet).AddDays($maxPasswordAge) $UserPasswordDetails = [ordered]@{ 'Logon Name' = $user 'Full Name' = Get-ADUser -Identity $user | select -ExpandProperty Name 'Last Date PWD Set' = $PWDLastSet 'Expirey Date' = $sumPWDExpireDay } } catch {$UserPasswordDetails = "" Write-Host "Error: User Is Not Exist on Directory" -BackgroundColor Black -ForegroundColor Red } $UserPasswordDetails } |
as you can see this script is a function ,so it means you can run it over and over as you wish like –