```powershell
param (
    [string]$user
)

# Functions

# Returns $true when $sam resolves to an existing AD user, $false otherwise.
function verify_user($sam) {
    if ($sam.Length -lt 1) {
        Write-Host "You must specify a username!" -ForegroundColor Red
        return $false
    } else {
        try {
            Import-Module ActiveDirectory -ErrorAction Stop
        } catch {
            Write-Host "Active Directory Module Required" -BackgroundColor Red -ForegroundColor Yellow
            # Without the module no lookup can succeed, so stop instead of prompting forever.
            exit 1
        }
        try {
            # Check the name that was passed in, not the script-level $user.
            Get-ADUser -Identity $sam -ErrorAction Stop | Out-Null
            return $true
        } catch {
            Write-Host "User $sam does not exist!" -ForegroundColor Red
            return $false
        }
    }
}

# User: prompt until a valid account name is supplied
if (-not $user) {
    do { $user = Read-Host "Username? " } while ( (verify_user $user) -ne $true )
} else {
    if ( (verify_user $user) -ne $true ) {
        do { $user = Read-Host "Username? " } while ( (verify_user $user) -ne $true )
    }
}

try {
    # -Identity (as in verify_user) avoids building an LDAP filter from typed input.
    $u = Get-ADUser -Identity $user -Properties "Name", "passwordlastset", "msDS-UserPasswordExpiryTimeComputed", "mail", "accountExpires" -ErrorAction Stop

    if ($u.passwordlastset) {
        Write-Host "Password Last Set on: $(Get-Date $u.passwordlastset -Format f)" -ForegroundColor Yellow -BackgroundColor DarkGreen
    }

    $expiry = $u."msDS-UserPasswordExpiryTimeComputed"
    if ($expiry -eq [long]::MaxValue) {
        # AD returns Int64.MaxValue when the password never expires; FromFileTime would throw on it.
        Write-Host "Password never expires" -ForegroundColor Yellow -BackgroundColor DarkGreen
    } else {
        # Keep a DateTime for the comparison; format it only when printing.
        $d = [datetime]::FromFileTime($expiry)
        if ($d -lt (Get-Date)) {
            Write-Host "Password Expired on $(Get-Date $d -Format f)" -ForegroundColor Yellow -BackgroundColor Red
        } else {
            Write-Host "Password Expires on $(Get-Date $d -Format f)" -ForegroundColor Yellow -BackgroundColor DarkGreen
        }
    }

    # accountExpires is 0 or Int64.MaxValue when the account has no expiry date.
    if ( ($u.accountExpires) -and ($u.accountExpires -ne 0) -and ($u.accountExpires -ne [long]::MaxValue) ) {
        $t = [datetime]::FromFileTime($u.accountExpires)
        Write-Host "Account Expires on $(Get-Date $t -Format f)" -ForegroundColor Yellow -BackgroundColor Blue
    }
} catch {
    Write-Host "An Error occurred or unable to retrieve account information!" -ForegroundColor Red
}
```
PowerShell Active Directory Password Tool – When it was set and when it expires.
It’s Monday morning, the caffeine from your morning coffee still hasn’t hit you yet, and like clockwork %USERNAME% calls with password issues…typical. Has their Active Directory Password expired? They said they changed it, but did they really? When did it expire, or when did they last set it? All great questions you love finding answers to on Monday morning, or any morning for that matter! Not with this PS script. I just go to my command window and type when %username%. It shows me the user’s Active Directory Password info right away, then I can ream…err…I mean educate the user on their Active Directory Password. You can call the PowerShell script directly or wrap it in a batch file for convenience. It’s up to you. I prefer the latter so I don’t have to be in a PowerShell console. You’ll need the ActiveDirectory Module to run this!