Get Azure Active Directory password expiry date in PowerShell
You're looking for the LastPasswordChangeTimestamp
attribute:
Get-MsolUser -UserPrincipalName 'Username' |Select LastPasswordChangeTimestamp
This only tells you when the password was last changed, not when it will expire, so grab the password validity from the Password Policy as well:
$PasswordPolicy = Get-MsolPasswordPolicy$UserPrincipal = Get-MsolUser -UserPrincipalName 'Username'$PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)
$PasswordExpirationDate
should now have the timestamp for when the password expires
What Mathias R.Jessen said was correct.
But, you may get inaccurate data in some cases like When a tenant has multiple domains (Each domain can have different password policy), when 'Password never expires' set for individual users and if 'password never expires' set through Password policy.
Below code will help you to get the correct result.
$Domains=Get-MsolDomain #-Status Verified foreach($Domain in $Domains) { $PwdValidity=(Get-MsolPasswordPolicy -DomainName $Domain).ValidityPeriod $PwdPolicy.Add($Domain.name,$PwdValidity) } Get-MsolUser -All | foreach{ $UPN=$_.UserPrincipalName $PwdLastChange=$_.LastPasswordChangeTimestamp $UserDomain= $UPN -Split "@" | Select-Object -Last 1 $PwdValidityPeriod=$PwdPolicy[$UserDomain] }
You can download the script from Microsoft's technet gallery: https://gallery.technet.microsoft.com/Export-Office-365-Users-91b4fc50