powershellazureactive-directoryazure-active-directory

Get Azure Active Directory password expiry date in PowerShell


I am working with Azure Active Directory and want to know when a user's password expires.

Currently I use these PowerShell commands to connect to msol service successfully and get password expiry, but I'm not quite sure how to get password expiry date.

I am using Azure Active Directory PowerShell module.

Connect-MsolService
    Get-MsolUser -UserPrincipalName 'Username' | Select PasswordNeverExpires

Solution

  • You're looking for the LastPasswordChangeTimestamp attribute:

    Get-MsolUser -UserPrincipalName 'Username' |Select LastPasswordChangeTimestamp
    

    This only tells you when the password was last changed, not when it will expire, so grab the password validity from the Password Policy as well:

    $PasswordPolicy = Get-MsolPasswordPolicy
    $UserPrincipal  = Get-MsolUser -UserPrincipalName 'Username'
    
    $PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)
    

    $PasswordExpirationDate should now have the timestamp for when the password expires