AD User Password Expiration Date Monitor - SAM

Version 2

    To know when an AD user's password will expire, find the below Power Shell script. This script can be run on a windows machine which is in the same domain that a user is in or can be applied to the AD server directly through SAM's Windows Power Shell Application Monitor.



    $B = Get-ADUser -filter {samaccountname -eq $A -and Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties “DisplayName”, “msDS-UserPasswordExpiryTimeComputed” |Select-Object -Property “Displayname”,@{Name=“ExpiryDate”;Expression={[datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)}};

    $C = $B.ExpiryDate;

    $D = get-date

    $E = ($C-$D).days

    write-host "Message:$A user password will expire in $E days"

    write-host "Statistic:$E"


    Provide the SamAccount name of the desired user in the arguments field as below, or you can modify "$A=$args[0] into a variable if you have 'n' numbers of users to check for and then accordingly you have to provide their SamAccount name in the arguments field separated by comma.


    Alerts can be created based on the Statistic threshold i.e. based on no. of days remaining or you can add exit code to turn the status of application template based on your requirement.