To find out the password expiration date for an Active Directory user you must first determine your domain’s password expiration policy and then when the password was last set.
Find your Domain Password Expiration Policy import-module activedirectory Get-ADDefaultDomainPasswordPolicy
Property MaxPasswordAge will tell you the default password expiration policy
Determine Date User Password Was Last Set . . . → Read More: Active Directory Password Expiration Date
Active Directory Cheat Sheet
This page contains my Active Directory Cheat Sheet. A list of collected one liners and vb scripts. Enjoy and feel free to add some yourself via comments!
Active Directory One Liners
This isn’t so much a script as an awesome way to reset an active directory user’s password.
How to Reset . . . → Read More: active directory cheatsheet
To return the distinguished name for all users in an active directory domain create a new file called getdn.bat
del c:\activeUsers.txt DSQUERY.exe * -limit 0 -filter “(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113522.214.171.1243:=2))” >”c:\activeUsers.txt” C:\WINDOWS\NOTEPAD.EXE c:\activeUsers.txt
This is example will show you how to disable folks that have a password older than x number of days AND / OR have not logged in for X number of days
Requirements ActiveRoles Management Shell (free) Powershell Server 2003 or Higher Domain Controller Example Script
Filename: C:\1audit\scripts\disable_accounts_password_age_greater_91_days.ps1 Description: (Disable users that have . . . → Read More: active directory disable users older than x days
howto list all users in security group active directory ?
dsquery group -name “” | dsget group -members -expand | dsget user -fn -ln -disabled
need to find username email address active directory ?
place this in a .bat file and run it:
dsquery.exe * -limit 0 -filter “(&(objectCategory=person)(objectClass=user)(mail=*))” -attr sAMAccountName name mail >”c:\PrimaryEmailAddresses.txt” notepad “c:\PrimaryEmailAddresses.txt”
Wise soft has create a great free active directory password reset tool -> download here
Password Control Overview
Password Control is a tool designed to allow helpdesk staff and other IT support personnel to reset user passwords. It has a simple and intuitive interface that many users find more productive than a custom MMC console. . . . → Read More: active directory password reset tool