Josh's IT-Blog

Information Technology, and other interesting things …

getting info about users password expiration

Posted on 14. November 2018 / 20. October 2020 By Burkard Josh
General

I work in a multi-domain environment. Each domain has different password expiration rules. Unfortunately, there is no notification system for the password expiration, so I have to check manually how long my passwords are valid.

For this, I wrote this PowerShell function, which works without any additional module:

function get-UserPwdInfo {
    Param (
        $UserDN
    )
    # userAccountControl bit flags
    $ACCOUNTDISABLE       = 0x000002
    $DONT_EXPIRE_PASSWORD = 0x010000
    # Active Directory normally reports this bit in msDS-User-Account-Control-Computed,
    # not in userAccountControl
    $PASSWORD_EXPIRED     = 0x800000

    # no DN given: use the distinguished name of the currently logged-on user
    if ( [string]::IsNullOrEmpty( $UserDN ) ) {
        $SysInfo = New-Object -ComObject "ADSystemInfo"
        $UserDN = $SysInfo.GetType().InvokeMember("UserName", "GetProperty", $Null, $SysInfo, $Null)
    }

    $User = [ADSI]"LDAP://$UserDN"
    
    # base-scope search on the user object itself: the search runs where the DN lives
    # instead of only in the current domain, and the DN (which may contain parentheses
    # or backslashes) is never placed inside an LDAP filter
    $searcher=New-Object DirectoryServices.DirectorySearcher
    $searcher.SearchRoot=$User
    $searcher.SearchScope='Base'
    $searcher.Filter="(objectClass=*)"
    $results=$searcher.findone()
    # pwdLastSet is a FILETIME value; 0 means the password must be changed at next logon
    $PwdLastSet = [datetime]::fromfiletime($results.properties.pwdlastset[0])
    
    # build the DNS domain name from the DC= components only
    $DomainName = ( $UserDN -split ',' | Where-Object { $_ -match '^\s*DC=' } | ForEach-Object { $_ -replace '^\s*DC=', '' } ) -join '.'
    [ADSI]$domain = "WinNT://$( $DomainName )"

    # the WinNT provider returns the domain-wide password ages in seconds;
    # fine-grained password policies are not taken into account
    $MaxPasswordAge = $domain.MaxPasswordAge.Value

    # PasswordExpiresOn / PasswordExpiresIn are only meaningful when PasswordNeverExpires is false
    New-Object -TypeName PSObject -Property @{
        Domain                = $domain.Name.ToString()
        UserDisplayName       = $results.Properties.displayname[0].ToString()
        UserDistinguishedName = $results.Properties.distinguishedname[0].ToString()
        userPrincipalName     = $User.userPrincipalName.ToString()
        sAMAccountName        = $user.sAMAccountName.ToString()
        Enabled               = ( -not [bool]($results.Properties.useraccountcontrol[0] -band $ACCOUNTDISABLE ) )
        PasswordNeverExpires  = ( [bool]($results.Properties.useraccountcontrol[0] -band $DONT_EXPIRE_PASSWORD ) )
        PasswordExpired       = ( [bool]($results.Properties.useraccountcontrol[0] -band $PASSWORD_EXPIRED ) )
        MaxPasswordAge        = $domain.MaxPasswordAge.Value / 3600 / 24 
        MinPasswordAge        = $domain.MinPasswordAge.Value / 3600 / 24 
        LastPasswordSet       = $PwdLastSet 
        CurrentPasswordAge    = ( New-TimeSpan -Start $PwdLastSet -End ( Get-Date ) )
        PasswordExpiresOn     = $PwdLastSet.AddSeconds( $MaxPasswordAge )
        PasswordExpiresIn     = ( New-TimeSpan -Start ( Get-Date ) -End $PwdLastSet.AddSeconds( $MaxPasswordAge ) )
    } | Select-Object Domain, UserDisplayName, UserDistinguishedName, userPrincipalName, sAMAccountName, Enabled, PasswordNeverExpires, PasswordExpired, MaxPasswordAge, MinPasswordAge, LastPasswordSet, CurrentPasswordAge, PasswordExpiresOn, PasswordExpiresIn
}
# called without -UserDN, the function reports on the currently logged-on user
$UserPwdInfo = get-UserPwdInfo 
$UserPwdInfo

The result of this script looks like this:
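
As an added example (not part of the original post): the function above derives the expiry date from the domain-wide MaxPasswordAge, whereas the function below reads the constructed attribute msDS-UserPasswordExpiryTimeComputed, which the domain controller calculates per user and which therefore also reflects fine-grained password policies. It takes one DN per domain account and flags passwords that are about to expire. The function name Get-PwdExpiryComputed, the $WarnDays threshold and the status labels are assumptions made for this example, and it assumes domain controllers that expose this attribute (Windows Server 2008 domain functional level or later).

```powershell
# Added example, not from the original post. Names and the threshold are assumptions.
function Get-PwdExpiryComputed {
    Param (
        [Parameter(Mandatory = $true)]
        [string[]] $UserDN,       # one distinguished name per account, any domain
        [int] $WarnDays = 14      # assumed warning threshold, adjust as needed
    )
    $Attr = 'msds-userpasswordexpirytimecomputed'   # result keys are lower case
    foreach ( $DN in $UserDN ) {
        # Base-scope search on the object itself: the DN is used only as the
        # search root and is never placed inside an LDAP filter string.
        $searcher = New-Object DirectoryServices.DirectorySearcher
        $searcher.SearchRoot  = [ADSI]"LDAP://$DN"
        $searcher.SearchScope = 'Base'
        $searcher.Filter      = '(objectClass=*)'
        # Constructed attributes are only returned when requested explicitly.
        [void] $searcher.PropertiesToLoad.Add( $Attr )
        $result = $searcher.FindOne()
        if ( $null -eq $result ) { Write-Warning "not found: $DN"; continue }

        $values = $result.Properties[$Attr]
        if ( $null -eq $values -or $values.Count -eq 0 ) {
            Write-Warning "no expiry value returned for $DN"
            continue
        }
        $raw = [Int64] $values[0]

        # Handle the sentinel values first: FromFileTime() throws on Int64.MaxValue.
        $expires = $null
        if ( $raw -eq [Int64]::MaxValue ) {
            $status = 'NeverExpires'             # e.g. DONT_EXPIRE_PASSWORD is set
        } elseif ( $raw -eq 0 ) {
            $status = 'MustChangeAtNextLogon'    # pwdLastSet is 0
        } else {
            $expires  = [datetime]::FromFileTime( $raw )
            $daysLeft = ( New-TimeSpan -Start ( Get-Date ) -End $expires ).TotalDays
            if ( $daysLeft -lt 0 ) { $status = 'Expired' }
            elseif ( $daysLeft -le $WarnDays ) { $status = 'ExpiresSoon' }
            else { $status = 'OK' }
        }
        New-Object -TypeName PSObject -Property @{
            UserDistinguishedName = $DN
            PasswordExpiresOn     = $expires
            Status                = $status
        } | Select-Object UserDistinguishedName, PasswordExpiresOn, Status
    }
}
```

Run from a scheduled task with the DNs of all accounts to check, the output can be filtered on Status to build the missing notification.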
