Find when user password expired with Powershell

Password policy procedure in a Local Network it's very important. You must ensure that user not use a password like 1234 or 1111 to connect in the Workstation.

It's very easy someone to compormised the user with these passwords and get confidential documents out of the company.

As IT Pro you know that Group Policies for Password Protection can be apply in a Domain for all users base on your requirements.

If you have enable Group Policy for Password to change every x months you came accross with other issues from users.

Most of the users forgot to change passwords and suddenly get a prompt to write username and password  in the Outlook 

The same can be happened in fileserver access or strange behaviour in Applications that run it from share resources of the network.

This happened because user password expired in the middle of working day.

So user call you to ask you what happened?

As IT Pro until now to identify user password expiration was not so easy.

For IT Pro shorter solution was to log off user and when try to login he will prompt to change the password.

Most of the times this is the hardest way for the user because must close all the open programms and applications.

With powershell you can find in a minute which user password expired or will be expire soon.

Just run the following command and you will get when users password expired from your Domain

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | out-gridview


The output will be something like this


Of course you can use the Export-Csv to output the results in csv file.

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | export-csv c:\user_expiredpass.csv


That's it.

I hope to find it usefull and use it if you have to do with password expiration.

If you have any question because temporary Comments are disable you can send me an email in or in Twitter,Facebook and Google + Page