Determining domain password age RRS feed

  • Question

  • Hi

    I run a very simple win 2k3 domain and would like to check the whole domain for password ages, password change dates amd expiration dates.  Can anyone point me in the right direction?

    Thursday, November 5, 2009 12:08 PM


  • Hi Dean,

    You can find the max password age from the Default domain policy.

    Then You should run : CSVDE -r "(ObjectClass=Person)" -f C:\myuserlist.csv 
    from the command prompt to get the list of users with all their attributes saved to a file "C:\myuserlist.csv "
    You can open it in excel. then you need to convert the "pwdlastset" column to date/time(by default it comes in long integer format). To convert you can use this formula in excel

    =IF(K2>0,K2/(8.64*10^11) - 109205,"")

    where column K is your pwdlastset column.

    After you get the date then, u can calculate the difference between the lastpwdset and present date with the help of "MaxPwdAge"

    this procedure applies if u have more users and u dont want to use any scripts

    there is a fine brief on this topic at http://msdn.microsoft.com/en-us/library/ms974598.aspx

    All the best
    Srinivas Kagitapu

    • Marked as answer by Kevin Remde Friday, November 6, 2009 12:45 PM
    Friday, November 6, 2009 7:07 AM