none
Command to display Domain Password Policy counter

    Question

  • Hello Expert,

    In our company i implemented the following password policy as a Default Domain Policy :-

    Enforce password history 3 passwords remembered
    Maximum password age 90 days
    Minimum password age 0 days
    Minimum password length 8 characters
    Password must meet complexity requirements  Enabled               

    Today my CEO want to know how many days left for him to change the password, experts is there is any command to display number of days left for users to change the password, i mean a general information is fine. so that i can send that screenshot to the management.

    Regards,

    Wednesday, June 3, 2015 7:30 AM

Answers

  • Hi,

    You can use Powershell to get this attribute and add 90 days to calculate how many days left. This works for me. Just change the user login in the code below :

    Regards,

    Julien

    • Proposed as answer by Julien DECORMON Wednesday, June 3, 2015 5:16 PM
    • Marked as answer by smpvm Thursday, June 4, 2015 10:42 AM
    Wednesday, June 3, 2015 9:24 AM

All replies

  • Hi,

    look at attribute pwdLastSet, this attribute contains the date and time that the password for this account was last changed.

    From this user attribute you can deduce how many days left for user to change password.


    Hope this helps.

    Regards,

    thennet


    Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable. This helps the community, keeps the forums tidy, and recognises useful contributions. Thank you!


    • Edited by thennet Wednesday, June 3, 2015 8:21 AM
    Wednesday, June 3, 2015 8:19 AM
  • Hello Sir,

    I prefer not in that way, for example consider that i implemented the password policy say on 3/25/2015. i want to show to our CEO that those many days are left to change password for users in that case my CEO will be happy by thinking that the GPO is working properly, the main aim is to show them that the GPO is working properly .

    Regards

    Wednesday, June 3, 2015 8:29 AM
  • Hi,

    You can use Powershell to get this attribute and add 90 days to calculate how many days left. This works for me. Just change the user login in the code below :

    Regards,

    Julien

    • Proposed as answer by Julien DECORMON Wednesday, June 3, 2015 5:16 PM
    • Marked as answer by smpvm Thursday, June 4, 2015 10:42 AM
    Wednesday, June 3, 2015 9:24 AM
  • this may be useful

    https://technet.microsoft.com/en-us/library/ee829687(v=ws.10).aspx


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

    Wednesday, June 3, 2015 8:56 PM