Active Directory Password Expiration Date

To find out the password expiration date for an Active Directory user you must first determine your domain’s password expiration policy and then when the password was last set.

Find your Domain Password Expiration Policy

import-module activedirectory  
Get-ADDefaultDomainPasswordPolicy

Property MaxPasswordAge will tell you the default password expiration policy

Determine Date User Password Was Last Set

import-module activedirectory  
Get-ADUser <username> -properties passwordlastset, passwordneverexpires

The user’s password will expire the date the password was last set + the value of MaxPasswordAge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.