Office 365 – Retrieve User Password Expiration Date

December 4, 2018

Sometimes it will be handy to scan your O365 User base on next Password Expiration Date.

This is done using PowerShell, like this.

First connect to your tenant and execute this script :

CLS

$cred = Get-Credential "your.credentials@company.com"

Connect-MsolService -Credential $cred

$domain = Get-MsolDomain | where {$_.IsDefault -eq $true}

$PasswordPolicy = Get-MsolPasswordPolicy -DomainName $domain.Name

$Account = "Account.ToCheck@company.com" # Change HERE !!

$UserPrincipal  = Get-MsolUser -UserPrincipalName $Account

$UserPrincipal | fl PasswordNeverExpires

$PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)

Write-host "Password will Expire on : $PasswordExpirationDate"

$StartDate = (GET-DATE)
$DaysLeft = NEW-TIMESPAN -Start $StartDate -End $PasswordExpirationDate
$DaysLeft = [math]::Floor($DaysLeft.TotalDays)

Write-host "Password will Expire in # Days : $DaysLeft"

$UserPrincipal | select DisplayName, LastPasswordChangeTimeStamp,@{Name=”PasswordAge”;Expression={((Get-Date).ToUniversalTime())-$_.LastPasswordChangeTimeStamp}} | sort-object PasswordAge -desc

image

If you want to change the Password Policy to NEVER EXPIRE use this codereset

Set-MsolUser -UserPrincipalName $Account -PasswordNeverExpires $true

If you want to RESET the Password, use this code

Set-MsolUserPassword -UserPrincipalName $Account -NewPassword "PassWord"

Enjoy !

Advertisements

PowerShell – How to list AD deleted objects

January 3, 2013

Check for all deleted AD objects that can be recovered from AD eventually.

cls
Import-Module activedirectory
Get-ADObject –SearchBase “CN=Deleted Objects,DC=domain,DC=local” `
–ldapFilter “(objectClass=*)” -includeDeletedObjects | `
Format-List Name,ObjectClass,ObjectGuid,Sid 

The output looks like this :

image


PowerShell – How to list AD object creation date

January 3, 2013

How to find an user or group object’s creation date in AD.

CLS
Import-Module -Name ActiveDirectory 
$week = (Get-Date).AddDays(-15)
Get-ADUser -Filter * -Properties * | where { $_.whenCreated -ge $week } | `
select Name,whenCreated

It will list this kind of output


image