Skip to main content

Get Password Info

DSQUERY // ADComputer  

 

 

 

Get listing of all accounts with info: 

Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | ft Name, Passwordlastset, passwordneverexpires 

 

Get listing of user accounts that have their passwords set to never expire 

Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties passwordlastset, passwordneverexpires | ft Name, Passwordlastset, passwordneverexpires, enabled 

 

Get Last AD profile change such as update password 

Get-ADUser -filter * -properties whenChanged, passwordlastset, passwordneverexpires | ft Name, whenChanged, passwordneverexpires 

 

 

 

Get last logon 

 Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties name, passwordlastset, passwordneverexpires | Get-ADObject -Properties lastLogon | FT Name,  @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}  

 

 

Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties passwordlastset, passwordneverexpires | ft Name, Passwordlastset, passwordneverexpires 

 

CSV of user accounts set to never expire 

Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties passwordlastset, passwordneverexpires |  Select-Object Name, Passwordlastset, passwordneverexpires, enabled | export-csv -path c:\Accent\UserPassNeverExpire.csv -NoTypeInformation 

 

Inactive & disabled users 

Dsquery user -inactive 5 -disabled 

 

 

Remove password never expires to inactive accounts 

Dsquery user -inactive 50 | dsmod user -pwdneverexpires no 

 

Set all disabled user accounts removing the password never expires 

dsquery user -disabled | dsmod user -pwdneverexpires no 

 

 

Get listing of disabled users and last update to their account (presumably when disabled) 

Get-ADUser -filter 'Enabled -Eq "False"' -properties passwordlastset, passwordneverexpires, WhenChanged | ft Name, enabled, WhenChanged 

 

 

Table Fields: 

DistinguishedName 

Enabled 

GivenName 

Name 

ObjectClass 

ObjectGUID 

PasswordLastSet 

PasswordNeverExpires 

SamAccountName 

SID 

Surname 

UserPrincipalName 

 

 

 get-localuser | Disable-LocalUser 

 

Onboarding Commands 

To get a list of all users in a domain and exported to CSV file 

get-aduser -filter * -Properties *| Select-Object Name, enabled, SamAccountName, UserPrincipalName | export-csv -path c:\Accent\test10.csv -NoTypeInformation 

Back to top