How to identify users with passwords older than 90 days using PowerShell?
Many organizations enforce password policies requiring users to change their passwords every 90 days (approximately 3 months). However, some users may not consistently adhere to these guidelines. This lack of compliance can lead to account lockouts and decreased productivity, and it poses security risks.
There is no direct method to find password age. However, we can find the users who haven't changed their passwords in the last 90 days using PowerShell.
Connect to Microsoft Graph and run the cmdlets below.
```powershell
Connect-MgGraph
# Cutoff date: a password last changed before this is older than 90 days
$PolicyDays = (Get-Date).AddDays(-90)
$users = Get-MgBetaUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime, PasswordPolicies | Where-Object { $_.LastPasswordChangeDateTime -lt $PolicyDays }
# Show only the columns needed to follow up with each user
$users | Select-Object DisplayName, UserPrincipalName, LastPasswordChangeDateTime
```
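The query above retrieves PasswordPolicies but never uses it, and it does not show how old each password actually is. The following added example (not part of the original page) computes the age in days, marks accounts exempt from expiration, and reports accounts with no recorded change date separately. `Get-PasswordAgeReport` is a hypothetical helper name, and the sample users are constructed so the function can be tried without a tenant.

```powershell
# Added example: Get-PasswordAgeReport is a hypothetical helper, not a Graph cmdlet.
function Get-PasswordAgeReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $MaxAgeDays = 90,
        [datetime] $Now = [datetime]::UtcNow   # Graph returns timestamps in UTC
    )
    process {
        $changed = $User.LastPasswordChangeDateTime
        if ($null -eq $changed) {
            # No recorded change date: report it explicitly instead of assigning an age
            $age = $null
            $status = 'NoChangeDate'
        }
        else {
            $age = [int][math]::Floor(($Now - $changed).TotalDays)
            if ($age -le $MaxAgeDays) { return }   # within policy, skip this user
            $status = 'OlderThanPolicy'
        }
        [pscustomobject]@{
            DisplayName        = $User.DisplayName
            UserPrincipalName  = $User.UserPrincipalName
            LastPasswordChange = $changed
            PasswordAgeDays    = $age
            Status             = $status
            # True when the account is exempt from password expiration
            ExpirationDisabled = [bool]($User.PasswordPolicies -match 'DisablePasswordExpiration')
            AccountEnabled     = $User.AccountEnabled
        }
    }
}

# Constructed sample users (not real accounts) so the function runs offline
$asOf = [datetime]'2025-01-01'
$sample = @(
    [pscustomobject]@{ DisplayName = 'Sample A'; UserPrincipalName = 'a@contoso.example'; LastPasswordChangeDateTime = [datetime]'2024-12-01'; PasswordPolicies = 'None'; AccountEnabled = $true }
    [pscustomobject]@{ DisplayName = 'Sample B'; UserPrincipalName = 'b@contoso.example'; LastPasswordChangeDateTime = [datetime]'2024-06-01'; PasswordPolicies = 'DisablePasswordExpiration'; AccountEnabled = $true }
    [pscustomobject]@{ DisplayName = 'Sample C'; UserPrincipalName = 'c@contoso.example'; LastPasswordChangeDateTime = $null; PasswordPolicies = $null; AccountEnabled = $false }
)
$sample | Get-PasswordAgeReport -MaxAgeDays 90 -Now $asOf |
    Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize

# Against a tenant, after Connect-MgGraph:
# Get-MgBetaUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime, PasswordPolicies, AccountEnabled |
#     Get-PasswordAgeReport -MaxAgeDays 90
```

Replace `Format-Table` with `Export-Csv` to hand the list to whoever follows up with the affected users.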
Using AdminDroid's Password Not Changed in 90 Days report, you can easily track the users who have not changed their password in the last 90 days, ensuring timely updates for better security.
- Beyond the standard 90-day cycle, the report interface allows you to filter users with password ages greater than 30, 60, 90, 180, or any custom duration as per your organization's policy.
- This flexibility ensures that you can effectively monitor and manage password policies tailored to your security requirements.