Jono Jono - 4 months ago 14
PowerShell Question

Will Office 365 (Admin center or Powershell) tell me if a user's password is expired?

I feel like this question has to have been asked before, but I've spent way too much time searching for it here and elsewhere.

I'm looking for something to tell me that a user's password has expired. When I search for this, I get a ton of sites telling me how to set a user's password to never expire or how to set the password policy. I just want to be able to look up a user in the Admin Center or using PowerShell to see if the password is expired.

I user this cmdlet as a workaround for the moment, but it would be so much easier if I could have it tell me "Password Expired: Yes" or something like that.

Get-MsolUser -SearchString (Read-Host `n Whose info?) | select DisplayName, LastPasswordChangeTimeStamp, @{Name=”PasswordAge (in days.time)”;Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}}, PasswordNeverExpires | fl


Thanks!

Answer

You can achieve it like this. First get the domain's password policy and save the ValidityPeriod to a variable. Then get all users and their last password change time stamp, add the validity period to it and there you have it, the date when the password will expire.

 $valid = Get-MsolPasswordPolicy -DomainName yourdomain.com | select ValidityPeriod -ExpandProperty ValidityPeriod

Now we have the validity period in $valid variable.

 Get-MsolUser -All | Select UserPrincipalName, LastPasswordChangeTimeStamp | foreach{ 
 $user = $_.UserPrincipalName
 $exp = $_.LastPasswordChangeTimeStamp.addDays($valid)
 Write-Output "$user's password expires on $exp"
}

I ran this in a powershell session with Msol service connected. So i hope it helps you.

Comments