Hi,
the problem with password expiration is, AD does not store that. Instead, the last password change and maximum password age are stored so technically, a password does not 'expire' until a login is attempted for that account.
If you are positive that there are no Fine Grained Password Policies in your environment, then, instead of 'Expires in August' you just look for 'Last change in August-max age'. So, assuming that your max password age is 90 days, you're looking for accounts
with pwdLastSet between (1st Aug - 90 Days) and (30th Aug - 90 days):
$start = (Get-Date '01.08.2020 00:00:00').AddDays(-90).ToFileTimeUtc()
$end = (Get-Date '30.08.2020 23:59:59').AddDays(-90).ToFileTimeUtc()
Get-ADUser -LDAPFilter "(&(pwdLastSet>=$start)(pwdLastSet<=$end))"
The dates are in German locale, you need to adjust that to yours as needed ;-)
If you have FGPP in place, you'll have to consider the policies, their superposition etc. in your calculations.
Evgenij Smirnov
http://evgenij.smirnov.de
