Sign in

Microsoft.com

United States (English)

Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Italia (Italiano)Россия (Русский)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語)香港特别行政區 (中文)

IT Management

Platform and Solutions

IT Management > IT management Forums > IT Management Planning and Technology > Determining domain password age

Determining domain password age

Thursday, November 05, 2009 12:08 PMdraccus

0
Sign In to Vote
Hi

I run a very simple win 2k3 domain and would like to check the whole domain for password ages, password change dates amd expiration dates. Can anyone point me in the right direction?

Dean
- Reply
- Quote

Answers

Friday, November 06, 2009 7:07 AMkagitapus

1
Sign In to Vote
Hi Dean,

You can find the max password age from the Default domain policy.

Then You should run : CSVDE -r "(ObjectClass=Person)" -f C:\myuserlist.csv

from the command prompt to get the list of users with all their attributes saved to a file "C:\myuserlist.csv "

You can open it in excel. then you need to convert the "pwdlastset" column to date/time(by default it comes in long integer format). To convert you can use this formula in excel

=IF(K2>0,K2/(8.64*10^11) - 109205,"")

where column K is your pwdlastset column.

After you get the date then, u can calculate the difference between the lastpwdset and present date with the help of "MaxPwdAge"

this procedure applies if u have more users and u dont want to use any scripts

there is a fine brief on this topic at http://msdn.microsoft.com/en-us/library/ms974598.aspx

All the best

Srinivas Kagitapu
- Marked As Answer byKevin RemdeMSFT, OwnerFriday, November 06, 2009 12:45 PM
- Reply
- Quote

All Replies

Friday, November 06, 2009 7:07 AMkagitapus

1
Sign In to Vote
Hi Dean,

You can find the max password age from the Default domain policy.

Then You should run : CSVDE -r "(ObjectClass=Person)" -f C:\myuserlist.csv

from the command prompt to get the list of users with all their attributes saved to a file "C:\myuserlist.csv "

You can open it in excel. then you need to convert the "pwdlastset" column to date/time(by default it comes in long integer format). To convert you can use this formula in excel

=IF(K2>0,K2/(8.64*10^11) - 109205,"")

where column K is your pwdlastset column.

After you get the date then, u can calculate the difference between the lastpwdset and present date with the help of "MaxPwdAge"

this procedure applies if u have more users and u dont want to use any scripts

there is a fine brief on this topic at http://msdn.microsoft.com/en-us/library/ms974598.aspx

All the best

Srinivas Kagitapu
- Marked As Answer byKevin RemdeMSFT, OwnerFriday, November 06, 2009 12:45 PM
- Reply
- Quote

Need Help with Forums? (FAQ)