Windows Tip of the Week: Find your account password expiration date in an AD environment

Image of laptop with hand holding a skeleton key extending outwards through the display.

In many cases your enterprise Active Directory will not involve too many domains, in fact it is quite common for an Active Directory implementation to only include one domain.  In some cases, however, when you have the unfortunate situation of having a username in multliple domains with differing policies on password expiration it is useful to be able to know when your password, or that of another user will expire.  Here is an easy way to accomplish this from the command line.

For the current active user

[code language=”bash”]
net user /domain
[/code]

For a different user

[code language=”bash”]
net user /domain _username_here_
[/code]

Here is an example of the output:

[code language=”bash”]
User name afore
Full Name Andrew Fore
Comment
User’s comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 1/29/2015 4:38:37 PM
Password expires 4/29/2015 4:38:37 PM
Password changeable 1/29/2015 4:38:37 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/18/2015 3:27:55 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *VMWare Admins *Domain Users
*Staff
[/code]

If you notice there is a lot of useful information regarding the user account here, but of particular interest in my situation was the value of Password expires since I was trying to ensure that I got my password reset prior to the policy setting so that I would not find myself locked out over the weekend that I went on call when the Helpdesk would be closed.