Pricing  Get Quote

How to get the password age using PowerShell

PowerShell cmdlets help admins perform tasks that are beyond the scope of what can be achieved using the graphical user interface (GUI). However, using PowerShell can often be complex and time-consuming.

ManageEngine ADSelfService Plus, an identity security solution, provides several crucial reports and functions that enhance and often surpass what can be achieved via PowerShell.

Consider users' password age. Admins might want to find passwords that are nearing expiry to send the respective users an email, reminding them to change their passwords. This can be achieved using PowerShell or with a tool such as ADSelfService Plus.

Let's compare what it's like to get the password age using PowerShell vs. ADSelfService Plus.


Run this script in PowerShell to get the password age report:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Click to copy entire script



ADSelfService Plus

  • Go to ReportsUser ReportsSoon-To-Expire Password Users Report.
  • Specify the domain using the Select Domain option.
  • Use the Add OUs option to specify OUs, if necessary.
  • Specify the number of days left before expiration using the User Passwords that will expire in option.
  • Exclude disabled users and smart card users from the report using the Exclude User option.
  • Click Generate to generate the report.


Advantages of ADSelfService Plus
  • Quick configuration

    Using ADSelfService Plus, you can generate the password expiration dates of domain users with just a few clicks and in a user-friendly format.

  • Enhanced readability of the report

    While the PowerShell password age report contains only the usernames and dates on which the users' passwords will expire, ADSelfService Plus presents this along with additional information in a readable, user-friendly, exportable format.

  • Refined reports using the GUI

    Admins can generate refined reports that provide more usable data without the clutter. For instance, the report on password expiration dates can include a list of accounts with passwords due to expire in a few days. The process of generating a similar report using PowerShells scripts is quite complex.

  • Password expiration notifications

    ADSelfService Plus offers password expiration notifications that periodically alert users through email, SMS, and push notifications to change their passwords before expiration.

  • Multiple reports that provide extensive user information

    Other than the Soon-to-expire Password Users report, ADSelfService Plus offers other reports that provide important information on the domain users who are locked out and their password expiration statuses.

  • Automatically generates and emails reports

    ADSelfService Plus provides a scheduler that can be configured to generate reports at regular intervals and email them to administrators and managers.

  • Automatic password resets

    ADSelfService has an automatic password reset function that, if enabled, searches for expired passwords and automatically resets them on a regular basis.

  • Exported reports and search options

    The reports generated in ADSelfService Plus can be exported in formats like CSV, CSVDE, HTML, and PDF. There is also a built-in search option to locate specific entries in reports.

Audit the Active Directory users' password expiration dates.

  Get 30-day free trial.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link