Export Office 365 Users’ Last Password Change Date to CSV 

Office 365 users’ last password change date can be retrieved from the LastPasswordChangeTimeStamp attribute. Using PowerShell, we can quickly get this attribute from Get-MsolUser cmdlet. 

You can use below PowerShell code to export password last change date to CSV. 

Note: Since Get-AzureADUser doesn’t support last Password change attribute, we need to use Get-MsolUser cmdlet to get Azure AD users’ last password set date. 

But, getting a password expiry date is a bit difficult. Since each domain (a tenant can have multiple domains) can have a different password policy, getting Office 365 users’ password expiry date is tricky. You need to calculate the user’s Password expiry date by comparing user’s domain-password-policy. 

To ease your work, we have developed a PowerShell script that will solve all your password related queries. Yes! All-in-One PowerShell script. A single script can generate seven different password reports. 

 

Script Highlights: 
  • A single script allows you to generate 7 different password reports. 
  • The script can be executed with MFA enabled accounts too 
  • Exports output to CSV 
  • You can filter result to display Licensed users alone 
  • The script is scheduler friendly. I.e., Credential can be passed as a parameter instead of saving inside the script. 

You can Download the script from TechNet gallery

 

Sample Output: 

The output of the password expiry report contains the most essential attributes like Display Name, User Principal Name, Password last Change Date, Password Since Last Set (Password Age), Password Expiry Date, Friendly Expiry Time, License Status and Days Since Expiry/Days to Expiry. 

  Office 365 users last password change date report

 

How to Export Office 365 Users Password Last Change Date Report 

To list all Office 365 users and their date of last password change date, download the above script and execute as follows. 

 

Unlock Full Potential of “Export O365 Users Password Last Change” PowerShell Script: 

As said earlier, you can use this PowerShell script for multiple use-cases. I.e., you can generate multiple password reports using this script. We have listed a few significant reports. 

  • Get Office 365 users Password expiration date report 
  • Export Office 365 password expired users report 
  • List Office 365 users whose Password set to never expires 
  • Check all licensed users’ password last change time and expiry date
  • Soon to expire password users report 
  • Recent password changers report 

 

Export Office 365 Users’ Password Expiry Date Report: 

Retrieving password expiry date helps you to send a quick reminder to the password about to expire users. So, you can prevent users from account locking. 

To retrieve all azure ad users with their password expiry date, run the script as follows. 

The exported report lists all Office 365 users’ password expiration date and password last change date.

 

Office 365 Soon to Expire Password Users Report: 

Soon to expire password users report allows you to generate a report based on a number of days available for password expiry, I.e., passwords going to expire. With the help of a soon-to-expire password report, you can remind users to change their password by sending password expiry notification. 

Run the script with –SoonToExpire param with X number of days. 

The above script exports all users whose password will expire in 7 days.  

Note: Soon to expire password report doesn’t include password expired users. 

 

Office 365 Password Expired Users report using PowerShell:  

To list users whose password has expired, run the script with –PwdExpired switch param. By using this report, you can notify users about password expiry. 

The above script exports all password expired users available in the Office 365 tenant. 

 

Get a list of Users with Password Never Expires 

Using –PwdNeverExpires switch, you can retrieve users whose password set to never expire. 

Note: Microsoft recommends to set “Password Never Expires” to prevent unneeded password change. Because when users forced to change their password, often they choose a small, predictable alteration to their existing password or reusing their old passwords. 

 

Get all Licensed Users’ Password Last Change Date and Expiry Date: 

Most organizations won’t delete terminated user accounts; instead, they will unlicense them. When running a password expiry report, getting old/terminated user accounts is unnecessary. In that case, you can ignore unlicensed users.   

By using –LicensedUserOnly switch, you can export licensed users’ password related attributes like password last change date, password age, password expiry date, days to password expiry, etc. 

You can also refer our dedicated blog on Office 365 users’ detailed license report.

 

Export Recently Password Changed Users Report: 

To get a list of recent password changers report, run the script with –RecentPwdChanges param. You can pass the number of days in –RecentPwdChanges param. 

The above script will export a list of users who changed their password in the past 7 days. 

 

Export More Granular Password Expiry Report: 

To get a more granular password report, you can use multiple filters together. For example, 

The above script will export all licensed users whose password was expired. 

 

Schedule Office 365 Password Reports: 

You can schedule a password expiry report in Task Scheduler. If you schedule the script to run every week, you can send password expiry notification to password soon to expire users.

For more info, you can refer how to run PowerShell script in Task Scheduler blog.

 

I hope this blog is useful to generate Office 365 users’ last password change date report. If you want to add more password related attributes, let us know through the comment section.