Windows PowerShell provides a convenient way to identify users who have recently changed their passwords. In this article, I will explain the process and highlight its benefits.
By utilizing the power of Windows PowerShell, you can quickly and accurately retrieve information about users who have recently modified their passwords. This functionality can be handy for system administrators and IT professionals who need to monitor user activity and ensure the security of their network.
I will guide you through the steps necessary to retrieve this information using PowerShell commands. You will learn to query the event logs and filter the results to identify specific password change events. This knowledge will enable you to track user password modifications and gain valuable insights into user activity patterns.
Find out who changed their password.
With the rise of remote work and VPN usage, administrators are often confronted with users reporting access issues. One common culprit behind these problems is when users change their passwords for their Active Directory accounts and forget to update their connections accordingly. As an administrator, you can proactively address this challenge by utilizing a simple PowerShell script that lists users who have recently changed their passwords.
By implementing this PowerShell script, you can save time and effort in troubleshooting user access problems. The script lets you quickly identify users who have modified their passwords within a specific timeframe, providing valuable insights into potential causes of connectivity issues.
We receive the necessary data via the CmdLet “Get-ADUser‘ and the object contained therein ‘PasswordLastSet.” In addition, only users whose user account is activated and for whom the “Password never expires” option is not active are checked. The date of the last password update (PasswordLastSet) with the date seven days ago ((GetDate).AddDays(-7)). This will only show us users who have changed their password within the last seven days.
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -properties PasswordLastSet |
select Name, PasswordLastSet |
Where {$_.PasswordLastSet -gt (Get-Date).AddDays(-7)} |
sort -property PassWordLastSetShow all password changes.
By removing the third line (“Where {$_.PasswordLastSet -gt (Get-Date).AddDays(-7)} |‘ You will see all active users and their last password change date. By changing the value “AddDays(-7), “ you can change the time span of the displayed users. So you would “AddDays(-14)“ Show the changed user passwords of the last 14 days.
