jarig/userADExpirationDate.ps1

## userADExpirationDate.ps1
#params to set
$userAccountName=someAlias
$baseDN="DC=corp,DC=company"

# get domain password expiration info,
$baseDS = New-Object system.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$baseDN")
$dc = $baseDS.findone()
$maxPwdAgeInDays = convertTimeToDays ( $dc.properties.item("maxPwdAge")[0] )

# find user
$userSearch = $baseDS
$userSearch.filter = “(&(objectClass=user)(sAMAccountName=$userAccountName))”
$userSearch.PropertiesToLoad.Add("msDS-ResultantPSO")
$userSearch.PropertiesToLoad.Add("pwdlastset")
$user = $userSearch.FindOne()

# find out password expiration date
[long]$time = [long][string]($user.properties.pwdlastset)

# check for advanced password policy
$advancedPasswordDomainPath = $user.properties.item("msDS-ResultantPSO")
if ( $advancedPasswordDomainPath -ne $null )
{
  $searchForPassPolicy = New-Object system.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$advancedPasswordDomainPath")
  $maxAge = $searchForPassPolicy.FindOne().Properties.item("msDS-MaximumPasswordAge")[0]
  $maxPwdAgeInDays = convertTimeToDays ( $maxAge )
}

$passwordSetDate = $([DateTime]$time).AddYears(1600).ToLocalTime()
$expirationDate = $passwordSetDate.AddDays($maxPwdAgeInDays)

$today = [DateTime]::Today
$timeLeftInDays = $expirationDate.Subtract($today).Days


Write-Host "Username: $userAccountName"
Write-Host "Password expiration time: $maxPwdAgeInDays days"
Write-Host "Password was set: $passwordSetDate"
Write-Host "Password expires: $expirationDate"
Write-Host "Time left: $timeLeftInDays"

# help functions
function convertTimeToDays ($value)
{
    [int64]$maxpwdage = [System.Math]::Abs( $value )
    return $maxpwdage/864000000000
}
	#params to set
	$userAccountName=someAlias
	$baseDN="DC=corp,DC=company"

	# get domain password expiration info,
	$baseDS = New-Object system.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$baseDN")
	$dc = $baseDS.findone()
	$maxPwdAgeInDays = convertTimeToDays ( $dc.properties.item("maxPwdAge")[0] )

	# find user
	$userSearch = $baseDS
	$userSearch.filter = “(&(objectClass=user)(sAMAccountName=$userAccountName))”
	$userSearch.PropertiesToLoad.Add("msDS-ResultantPSO")
	$userSearch.PropertiesToLoad.Add("pwdlastset")
	$user = $userSearch.FindOne()

	# find out password expiration date
	[long]$time = [long][string]($user.properties.pwdlastset)

	# check for advanced password policy
	$advancedPasswordDomainPath = $user.properties.item("msDS-ResultantPSO")
	if ( $advancedPasswordDomainPath -ne $null )
	{
	$searchForPassPolicy = New-Object system.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$advancedPasswordDomainPath")
	$maxAge = $searchForPassPolicy.FindOne().Properties.item("msDS-MaximumPasswordAge")[0]
	$maxPwdAgeInDays = convertTimeToDays ( $maxAge )
	}

	$passwordSetDate = $([DateTime]$time).AddYears(1600).ToLocalTime()
	$expirationDate = $passwordSetDate.AddDays($maxPwdAgeInDays)

	$today = [DateTime]::Today
	$timeLeftInDays = $expirationDate.Subtract($today).Days


	Write-Host "Username: $userAccountName"
	Write-Host "Password expiration time: $maxPwdAgeInDays days"
	Write-Host "Password was set: $passwordSetDate"
	Write-Host "Password expires: $expirationDate"
	Write-Host "Time left: $timeLeftInDays"

	# help functions
	function convertTimeToDays ($value)
	{
	[int64]$maxpwdage = [System.Math]::Abs( $value )
	return $maxpwdage/864000000000
	}