Skip to content

Josh's IT-Blog

Information Technology, and other interesting things …

  • Home
  • About
  • Contact
  • Links

getting info about users password expiration

Posted on 14. November 201820. October 2020 By Burkard Josh
General

i work in a multi domain environment. each domain has different password expiration rules. unfortunattely there is no notification system for the password expiration, so i have to check manually how long my passwords are valid.

for this, i wrote this PowerShell function, which does work without the use of any additional module:

function get-UserPwdInfo {
    Param (
        $UserDN
    )
    $ACCOUNTDISABLE       = 0x000002
    $DONT_EXPIRE_PASSWORD = 0x010000
    $PASSWORD_EXPIRED     = 0x800000

    if ( [string]::IsNullOrEmpty( $UserDN ) ) {
        $SysInfo = New-Object -ComObject "ADSystemInfo"
        $UserDN = $SysInfo.GetType().InvokeMember("UserName", "GetProperty", $Null, $SysInfo, $Null)
    }

    $User = [ADSI]"LDAP://$UserDN"
    
    $searcher=New-Object DirectoryServices.DirectorySearcher
    $searcher.Filter="(&(distinguishedName=$($User.distinguishedName)))"
    $results=$searcher.findone()
    $PwdLastSet = [datetime]::fromfiletime($results.properties.pwdlastset[0])
    
    $DomainName = ( $UserDN -split ',' | Where-Object { $_ -match 'DC' } | ForEach-Object { $_ -replace 'DC=', '' } ) -join '.'
    [ADSI]$domain = "WinNT://$( $DomainName )"

    $MaxPasswordAge = $domain.MaxPasswordAge.Value

    New-Object -TypeName PSObject -Property @{
        Domain                = $domain.Name.ToString()
        UserDisplayName       = $results.Properties.displayname[0].ToString()
        UserDistinguishedName = $results.Properties.distinguishedname[0].ToString()
        userPrincipalName     = $User.userPrincipalName.ToString()
        sAMAccountName        = $user.sAMAccountName.ToString()
        Enabled               = ( -not [bool]($results.Properties.useraccountcontrol[0] -band $ACCOUNTDISABLE ) )
        PasswordNeverExpires  = ( [bool]($results.Properties.useraccountcontrol[0] -band $DONT_EXPIRE_PASSWORD ) )
        PasswordExpired       = ( [bool]($results.Properties.useraccountcontrol[0] -band $PASSWORD_EXPIRED ) )
        MaxPasswordAge        = $domain.MaxPasswordAge.Value / 3600 / 24 
        MinPasswordAge        = $domain.MinPasswordAge.Value / 3600 / 24 
        LastPasswordSet       = $PwdLastSet 
        CurrentPasswordAge    = ( New-TimeSpan -Start $PwdLastSet -End ( Get-Date ) )
        PasswordExpiresOn     = $PwdLastSet.AddSeconds( $MaxPasswordAge )
        PasswordExpiresIn     = ( New-TimeSpan -Start ( Get-Date ) -End $PwdLastSet.AddSeconds( $MaxPasswordAge ) )
    } | Select-Object Domain, UserDisplayName, UserDistinguishedName, userPrincipalName, sAMAccountName, Enabled, PasswordNeverExpires, PasswordExpired, MaxPasswordAge, MinPasswordAge, LastPasswordSet, CurrentPasswordAge, PasswordExpiresOn, PasswordExpiresIn
}
$UserPwdInfo = get-UserPwdInfo 
$UserPwdInfo

the result of this script looks like this:

 

Share this:

  • Facebook
  • Twitter
  • Email
  • Print

Post navigation

❮ Previous Post: reclaime diskspace on zero detection storage when deletening vmware vm
Next Post: PowerShell and PSHTML in Azure Function App ❯

About

Author Image
My name is Josh Burkard.
I'm a DevOps Engineer working with one of swiss largest telecom and full-service hosting provider. in my work I have a lot to do with Microsoft server operating systems, System Center, VMware, Microsoft Azure Cloud and other software.
On this site I will write some posts about different technology problems and their solutions.
please note also my tweets and retweets from this area.

Follow me on Twitter

My Tweets

Categories

  • General (13)
  • Hardware (9)
    • Network (8)
      • Cisco (2)
    • Storage (2)
  • Microsoft Azure (1)
    • Automation (1)
  • PowerShell (1)
  • Software (1)
    • Excel (1)
  • System Center (19)
    • SCCM (3)
    • SCDPM (1)
    • SCOM (13)
    • SCSM (1)
    • SMA (1)
  • VMware (8)
  • Windows 2008 R2 (10)
    • Active Directory (7)
  • Windows 2012 R2 (1)
  • Windows 2016 (1)
  • Windows 7 (4)
    • BitLocker (1)
  • WordPress (1)

Links

  • Burkard-Fingerlin Family
  • Swisscom (Schweiz) AG
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

About

Author Image
My name is Josh Burkard.
I'm a DevOps Engineer working with one of swiss largest telecom and full-service hosting provider. in my work I have a lot to do with Microsoft server operating systems, System Center, VMware, Microsoft Azure Cloud and other software.
On this site I will write some posts about different technology problems and their solutions.
please note also my tweets and retweets from this area.

Follow me on Twitter

My Tweets

FOLLOW ME ON GITHUB

joshburkard (Josh Burkard)

Josh Burkard

joshburkard
Belgium
https://www.burkard.it
Joined on Jul 10, 2015
13 Public Repositories
0 Public Gists

Copyright © 2023 Josh's IT-Blog.

Theme: Oceanly by ScriptsTown

 

Loading Comments...
 

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.