Get-ADUserResultantPasswordPolicy returns nothing for users that use Password Settings from Default Domain Policy

  • Question

  • While testing Get-ADUserResultantPasswordPolicy, I noticed it returns nothing for users that use nothing but the Password Settings from Default Domain Policy. But if the user has another password policy (e.g. Password Policy for admin accounts) set to it, the command does return the correct password policy.

    What could be the cause of this behavior? 

    Is there another command I can use for both kind of users to get their password expiry date?


    Monday, March 18, 2019 2:44 AM

All replies

  • Hi,

    Thanks for your question.

    ADUser has the msDS-UserPasswordExpiryTimeComputed property to save the password expiry date information.

    For example:

    Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "DisplayName",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

    Best regards,



    Just do it.

    Monday, March 18, 2019 7:35 AM
  • Thanks Lee, that answers the 2nd half of my question. Any idea why Get-ADUserResultantPasswordPolicy behaves in such an odd way?
    Tuesday, March 19, 2019 3:23 AM
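
    Added example, not part of the original thread: Get-ADUserResultantPasswordPolicy reports only the fine-grained password policy (PSO) that applies to a user, so it returns nothing when no PSO applies and the Default Domain Policy is in effect. The sketch below falls back to Get-ADDefaultDomainPasswordPolicy in that case and also decodes the expiry attribute from the reply above. It assumes the RSAT ActiveDirectory module, a user in the current domain, and a hypothetical function name and account name.

```powershell
# Added example: resolve the password policy actually in effect for a user.
# Assumes the RSAT ActiveDirectory module and a session in the user's domain.
Import-Module ActiveDirectory

function Get-EffectivePasswordPolicy {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Identity
    )
    process {
        $user = Get-ADUser -Identity $Identity -Properties 'msDS-UserPasswordExpiryTimeComputed'

        # Returns the resultant PSO, or nothing when no fine-grained policy applies.
        $pso = Get-ADUserResultantPasswordPolicy -Identity $user
        if ($pso) {
            $policy = $pso
            $source = "PSO: $($pso.Name)"
        } else {
            # No PSO: the domain-wide settings apply to this account.
            $policy = Get-ADDefaultDomainPasswordPolicy
            $source = 'Default domain policy'
        }

        # The computed attribute uses two sentinel values that are not real dates.
        $raw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
        if ($raw -eq 0) {
            $expiry = 'Must change at next logon'
        } elseif ($raw -eq [int64]::MaxValue) {
            $expiry = 'Never expires'       # FromFileTime would throw on this value
        } else {
            $expiry = [datetime]::FromFileTime($raw)
        }

        [pscustomobject]@{
            SamAccountName    = $user.SamAccountName
            PolicySource      = $source
            MinPasswordLength = $policy.MinPasswordLength
            MaxPasswordAge    = $policy.MaxPasswordAge
            LockoutThreshold  = $policy.LockoutThreshold
            PasswordExpiry    = $expiry
        }
    }
}

# Constructed account name for illustration:
# Get-EffectivePasswordPolicy -Identity 'jdoe'
```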

  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If not, please reply and tell us the current situation in order to provide further help.

    Best Regards,


    Just do it.

    Sunday, March 31, 2019 1:28 PM