Office 365 – Retrieve User Password Expiration Date

December 4, 2018

Sometimes it will be handy to scan your O365 User base on next Password Expiration Date.

This is done using PowerShell, like this.

First connect to your tenant and execute this script :


$cred = Get-Credential ""

Connect-MsolService -Credential $cred

$domain = Get-MsolDomain | where {$_.IsDefault -eq $true}

$PasswordPolicy = Get-MsolPasswordPolicy -DomainName $domain.Name

$Account = "" # Change HERE !!

$UserPrincipal  = Get-MsolUser -UserPrincipalName $Account

$UserPrincipal | fl PasswordNeverExpires

$PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)

Write-host "Password will Expire on : $PasswordExpirationDate"

$StartDate = (GET-DATE)
$DaysLeft = NEW-TIMESPAN -Start $StartDate -End $PasswordExpirationDate
$DaysLeft = [math]::Floor($DaysLeft.TotalDays)

Write-host "Password will Expire in # Days : $DaysLeft"

$UserPrincipal | select DisplayName, LastPasswordChangeTimeStamp,@{Name=”PasswordAge”;Expression={((Get-Date).ToUniversalTime())-$_.LastPasswordChangeTimeStamp}} | sort-object PasswordAge -desc


If you want to change the Password Policy to NEVER EXPIRE use this codereset

Set-MsolUser -UserPrincipalName $Account -PasswordNeverExpires $true

If you want to RESET the Password, use this code

Set-MsolUserPassword -UserPrincipalName $Account -NewPassword "PassWord"

Enjoy !

PowerShell – How to list AD deleted objects

January 3, 2013

Check for all deleted AD objects that can be recovered from AD eventually.

Import-Module activedirectory
Get-ADObject –SearchBase “CN=Deleted Objects,DC=domain,DC=local” `
–ldapFilter “(objectClass=*)” -includeDeletedObjects | `
Format-List Name,ObjectClass,ObjectGuid,Sid 

The output looks like this :


PowerShell – How to list AD object creation date

January 3, 2013

How to find an user or group object’s creation date in AD.

Import-Module -Name ActiveDirectory 
$week = (Get-Date).AddDays(-15)
Get-ADUser -Filter * -Properties * | where { $_.whenCreated -ge $week } | `
select Name,whenCreated

It will list this kind of output