Get Azure Active Directory password expiry date in PowerShell

Question

I am working with Azure Active Directory and want to know when a user's password expires.

Currently I use these PowerShell commands to connect to msol service successfully and get password expiry, but I'm not quite sure how to get password expiry date.

I am using Azure Active Directory PowerShell module.

Connect-MsolService
    Get-MsolUser -UserPrincipalName 'Username' | Select PasswordNeverExpires

Answer 1

You're looking for the LastPasswordChangeTimestamp attribute:

Get-MsolUser -UserPrincipalName 'Username' |Select LastPasswordChangeTimestamp

This only tells you when the password was last changed, not when it will expire, so grab the password validity from the Password Policy as well:

$PasswordPolicy = Get-MsolPasswordPolicy
$UserPrincipal  = Get-MsolUser -UserPrincipalName 'Username'

$PasswordExpirationDate = $UserPrincipal.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)

$PasswordExpirationDate should now have the timestamp for when the password expires