How to get Password Last Set time for Azure AD Users

There are two easy ways to retrieve Office 365 User properties, Azure AD Powershell module and Microsoft Graph API. Initially, Microsoft released SOAP-based MSOnline Powershell module (Azure AD v1) to work with Office 365 users, later they introduced the new Graph API based Azure AD v2 Powershell module which still requires more improvement and some of the important features are still not available in this new module which are available in old module (MSOnline). The user attribute LastPasswordChangeTimestamp is one of the missed feature in new module.

List all Office 365 users last password change date

Before proceed run the below command to connect MSOnline module.

Connect-MsolService

You can run the below command to retrieve PwdLastSet value for all Azure AD users.

Get-MsolUser -All | Select DisplayName,UserPrincipalName,LastPasswordChangeTimeStamp

Use the below command to list all users who have changed password more than 90 days before.

Get-MsolUser -All | Where {$_.LastPasswordChangeTimeStamp –lt ([System.DateTime]::Now).AddDays(-90)}|
Sort-Object LastPasswordChangeTimeStamp -Descending | Select DisplayName,LastPasswordChangeTimeStamp

Use the below command to export these details to a CSV file:

Get-MsolUser -All | Select DisplayName,UserPrincipalName,LastPasswordChangeTimeStamp | 
Export-CSV "C:\LastPasswordChangeInfo.csv" -NoTypeInformation -Encoding UTF8

Note: As already said we can’t extract password last set time using the Azure AD v2 module (Get-AzureADUser) and also it is not supported in Microsoft Graph API (https://graph.microsoft.com/v1.0/users).


Advertisement

1 thought on “How to get Password Last Set time for Azure AD Users”

Leave a Comment