Find users in Azure AD or Office365 with password never expires and old passwords

A lot of companies put much some services from on-premises installation to the cloud. For this reason my todays post treats Office365 or AzureAD.

In larger environments containing hybrid office 365 /azure ad (also in pure azure ad environments) overview gets lost really quick because azure ad does not have diagnostic tools (not as deep as wanted) inside the web browser and has a complete flat structure.

So there are some sort of questions IT professional ask about: are there some users which do not have to change their password? Second question; when did they change their password?

Everybody who is familiar with Azure AD powershell; here is my powershell command

Get-MsolUser | Where-Object {$_.PasswordNeverExpires -eq $true -and $_.LastPasswordChangeTimestamp -lt (Get-Date).AddDays(-XX)} | Select-Object DisplayName,UserPrincipalName,LastPasswordChangeTimestamp,Licenses,PasswordNeverExpires | fl

For those who don’t have a clue how to connect to azure ad via powershell have a look on this link 

With this command you can get all users which have passwords that never expires AND which did not change their password for more than X days.

My example:

Get-MsolUser | Where-Object {$_.PasswordNeverExpires -eq $true -and $_.LastPasswordChangeTimestamp -lt (Get-Date).AddDays(-50)} | Select-Object DisplayName,UserPrincipalName,LastPasswordChangeTimestamp,Licenses,PasswordNeverExpires | fl

Change the command at “(Get-Date).AddDays(-50)”. This command displays all users who did not change their password for more than 50 days.

please comment if you have further questions or write me an email

have fun