You can use this powershell script to find out when was the last time users had updated the passwords. To use the script provide the name of the Security group that contains all the users for whom you want to find out the password update date and then provide the location where you want to save the output.
# Define the AD Group Name and Output File
$GroupName = "YourADGroupName" # Change this to your actual group name
$OutputCSV = "C:\Output\PasswordLastSet.csv" # Change this to the location where you want to save file
# Import Active Directory Module (Ensure you have RSAT installed)
Import-Module ActiveDirectory
# Get members of the specified group
$GroupMembers = Get-ADGroupMember -Identity $GroupName -Recursive | Where-Object { $_.objectClass -eq "user" }
# Initialize an empty array to store results
$Results = @()
# Iterate through each user and retrieve ALL properties
foreach ($User in $GroupMembers) {
# Retrieve all properties of the user
$UserDetails = Get-ADUser -Identity $User.SamAccountName -Properties *
# Convert pwdLastSet to a readable date format
$LastPasswordSetDate = if ($UserDetails.pwdLastSet) { [DateTime]::FromFileTime($UserDetails.pwdLastSet) } else { "Never" }
# Store the results in a custom object (Add any properties you need)
$Results += [PSCustomObject]@{
DisplayName = $UserDetails.DisplayName
SamAccountName = $UserDetails.SamAccountName
UserPrincipalName = $UserDetails.UserPrincipalName
Email = $UserDetails.EmailAddress
Department = $UserDetails.Department
Title = $UserDetails.Title
Enabled = $UserDetails.Enabled
LastLogonDate = $UserDetails.LastLogonDate
LastPasswordSet = $LastPasswordSetDate
PasswordNeverExpires = $UserDetails.PasswordNeverExpires
PasswordExpired = $UserDetails.PasswordExpired
}
}
# Export the results to CSV
$Results | Export-Csv -Path $OutputCSV -NoTypeInformation -Encoding UTF8
Write-Host "Report saved to $OutputCSV" -ForegroundColor Green