Friday, 24 May 2019

How to get Password Last Set time for Azure AD Users

There are two easy ways to retrieve Office 365 User properties, Azure AD Powershell module and Microsoft Graph API. Initially Microsoft released SOAP based MSOnline powershell module (Azure AD v1) to work with Office 365 users, later they introduced the new Graph API based Azure AD v2 powershell module which still requires more improvement and some of the important features are still not available in this new module which are available in old module (MSOnline). The user attribute LastPasswordChangeTimestamp is one of the missed feature in new module.

List all Office 365 users last password change date :

Before proceed run the below command to connect MSOnline module.
Connect-MsolService
You can run the below command to retrieve PwdLastSet value for all Azure AD users.
Get-MsolUser -All | Select DisplayName,UserPrincipalName,LastPasswordChangeTimeStamp
Use the below command to list all users who has changed password more than 90 days before.
Get-MsolUser -All | Where {$_.LastPasswordChangeTimeStamp –lt ([System.DateTime]::Now).AddDays(-90)}|
Sort-Object LastPasswordChangeTimeStamp -Descending | Select DisplayName,LastPasswordChangeTimeStamp
Use the below command to export this details to a CSV file:
Get-MsolUser -All | Select DisplayName,UserPrincipalName,LastPasswordChangeTimeStamp | 
Export-CSV "C:\\LastPasswordChangeInfo.csv" -NoTypeInformation -Encoding UTF8
Note: As already said we can't extract password last set time using the Azure AD v2 module (Get-AzureADUser) and also it is not supported in Microsoft Graph API (https://graph.microsoft.com/v1.0/users).

Advertisements
Advertisements

No comments:

Post a Comment