Passwords Last Changed
-
So here is something that I just whipped up real quick one liner.
get-aduser -Filter * -Properties * | Select CN,PasswordLastSet,EmailAddress | sort PasswordLastSet | export-csv \\your_desired_location\passwords_unchanged.csvFirst part grabs all of your users in your AD and all of their properties. Its piped over and only pulls out the users name, their email address, and the last time they changed their password. The next pipe sorts the list based from oldest to newest of the passwords. With that list sorted, it is then piped to a csv spreadsheet to be done with what you will.
Part of the NerdyDad's PowerShell Script series
-
@nerdydad said in Passwords Last Changed:
So here is something that I just whipped up real quick one liner.
get-aduser -Filter * -Properties * | Select CN,PasswordLastSet,EmailAddress | sort PasswordLastSet | export-csv \\your_desired_location\passwords_unchanged.csvFirst part grabs all of your users in your AD and all of their properties. Its piped over and only pulls out the users name, their email address, and the last time they changed their password. The next pipe sorts the list based from oldest to newest of the passwords. With that list sorted, it is then piped to a csv spreadsheet to be done with what you will.
Part of the NerdyDad's PowerShell Script series
Take care with this one. I had a problem once because the PasswordLastSet attribute is one of the few attributes that isn't replicated between DCs by default.
Wrote a powershell script a bit ago (hell, I need more time for my blog...) that querys all DCs: https://www.windrath.com/2016/07/powershell-total-badpwdcount-adusers/ - you could adapt it to get the newest PasswordLastSet value
-
Worked perfectly for me! Thanks!
