How to get the password age using PowerShell
PowerShell cmdlets help admins perform tasks that are beyond the scope of what can be achieved using the graphical user interface (GUI). However, using PowerShell can often be complex and time-consuming.
ManageEngine ADSelfService Plus, an identity security solution, provides several crucial reports and functions that enhance and often surpass what can be achieved via PowerShell.
Consider users' password age. Admins might want to find passwords that are nearing expiry to send the respective users an email, reminding them to change their passwords. This can be achieved using PowerShell or with a tool such as ADSelfService Plus.
Let's compare what it's like to get the password age using PowerShell vs. ADSelfService Plus.
PowerShell
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Screenshot:
ADSelfService Plus
- Go to Reports → User Reports → Soon-To-Expire Password Users Report.
- Specify the domain using the Select Domain option.
- Use the Add OUs option to specify OUs, if necessary.
- Specify the number of days left before expiration using the User Passwords that will expire in option.
- Exclude disabled users and smart card users from the report using the Exclude User option.
- Click Generate to generate the report.
Screenshot:
- Quick configuration
Using ADSelfService Plus, you can generate the password expiration dates of domain users with just a few clicks and in a user-friendly format.
- Enhanced readability of the report
While the PowerShell password age report contains only the usernames and dates on which the users' passwords will expire, ADSelfService Plus presents this along with additional information in a readable, user-friendly, exportable format.
- Refined reports using the GUI
Admins can generate refined reports that provide more usable data without the clutter. For instance, the report on password expiration dates can include a list of accounts with passwords due to expire in a few days. The process of generating a similar report using PowerShells scripts is quite complex.
- Password expiration notifications
ADSelfService Plus offers password expiration notifications that periodically alert users through email, SMS, and push notifications to change their passwords before expiration.
- Multiple reports that provide extensive user information
Other than the Soon-to-expire Password Users report, ADSelfService Plus offers other reports that provide important information on the domain users who are locked out and their password expiration statuses.
- Automatically generates and emails reports
ADSelfService Plus provides a scheduler that can be configured to generate reports at regular intervals and email them to administrators and managers.
- Automatic password resets
ADSelfService has an automatic password reset function that, if enabled, searches for expired passwords and automatically resets them on a regular basis.
- Exported reports and search options
The reports generated in ADSelfService Plus can be exported in formats like CSV, CSVDE, HTML, and PDF. There is also a built-in search option to locate specific entries in reports.
Audit the Active Directory users' password expiration dates.
Get 30-day free trial.
