Pricing  Get Quote
 

How to get the password age using PowerShell

PowerShell cmdlets help admins perform tasks that are beyond the scope of what can be achieved using the graphical user interface (GUI). However, using PowerShell can often be complex and time-consuming.

Consider checking for password age. Admins may want to find passwords that are nearing their expiry so they can send the respective users an email request to change their passwords. This can be achieved using PowerShell or with a tool such as ManageEngine ADSelfService Plus.

ADSelfService Plus, an identity security solution, provides several crucial reports and functions that enhance and often surpass what can be achieved via PowerShell.

Let's compare what it's like to get the password age using PowerShell vs. ADSelfService Plus.

PowerShell

Run this script in PowerShell to get the password age report: 
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
 Copied
Click to copy the entire script

Screenshot:

PowerShell script to get the password age

ADSelfService Plus

  • Log in to ADSelfService Plus as an administrator.
  • Navigate to the Reports tab > Active Directory Reports > Soon-To-Expire Password Users Report.
  • Specify the domain using the Select Domain option.
  • Use the Select OUs option to specify OUs if necessary.
  • Use the User Passwords that will expire option to specify the number of days remaining until expiration.
  • Use the Exclude Users option to exclude disabled users and smart card users from the report.
  • Click Generate to generate the report.

Screenshot:

Steps to get the password age using ADSelfService Plus
Advantages of using ADSelfService Plus to get password age reports
  • Quick configuration

    Generate password expiration dates for domain users with just a few clicks using the user-friendly interface.

  • Enhanced readability

    Unlike PowerShell reports that display only the usernames and password expiration dates, ADSelfService Plus provides additional information in an easy-to-read, exportable format.

  • Refined reports using the GUI

    Generate refined reports that provide usable data without clutter, unlike PowerShell scripts that display complex data.

  • Password expiration notifications

    Proactively notify users about impending password expirations through email, SMS, and push notifications, enabling them to change their passwords before expiration.

  • Comprehensive user information report

    ADSelfService Plus offers various reports that provide information about locked-out domain users and their password expiration statuses.

  • Automated email notification

    Schedule and automate the generation of reports, which can be emailed directly to administrators and managers at specified intervals.

  • Automatic password resets

    Enable the automatic password resets for expired passwords, ensuring they are regularly updated without manual intervention.

  • Export and search options

    Export reports in multiple formats, including CSV, CSV, HTML, and PDF. Use the built-in search option to locate specific entries in reports quickly.

Get reports on password age and more with ADSelfService Plus

  Download a 30-day, free trial

Related Resources

RELATED PRODUCTS

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Password Self-ServiceDirectory Self-ServiceOne IdentitySecurityRelated Products

A single pane of glass for complete self service password management

Free Trial Get Quote
Email Download Link
 
Back to Top