Odd date behavior with Get-ADUser

This command produces the output of an ID and the date the password will expire.

Get-ADUser -ID MyID –Properties * | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

The output is as follows and is incorrect:

Displayname ExpiryDate
----------- ----------`
John M      12/31/1600 7:00:00 PM

However if I specify the property explicitly in with the -Props, the correct information is produced:

Get-ADUser -ID MyID –Properties DisplayName, msDS-UserPasswordExpiryTimeComputed | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Displayname ExpiryDate
----------- ----------
John M      12/8/2019 6:59:55 AM

Any ideas? I am fine with using the correct properties in the command, just curious why the wildcard * produces the wrong result.

Looks like properties * doesn’t return msDS-UserPasswordExpiryTimeComputed.

This was a cool question! I’ve never had problem with this as I try to avoid using *, but!
It looks like the * is pre-defined with 156 properties when there is actually more. I found this script to bring all the types


$properties = Get-ADObject -SearchBase (Get-ADRootDSE).SchemanamingContext -Filter {name -eq “User”} -Properties MayContain,SystemMayContain |
Select-Object @{name=“Properties”;expression={$.maycontain+$.systemmaycontain}} |
Select-Object -ExpandProperty Properties


$bom = get-aduser myuser -prop *
($bom | gm | Where {$_.membertype -eq ‘property’}).count


And this seems to be a rabbit hole. Needs to be dig deeper. Someone wiser could come to rescue me :slight_smile:

so simple

Interesting. I had always assumed when that funky date was returned, it implied the user had never logged in. In my environment, this assumption is accurate. Could that be your case as well?

Search-ADAccount -AccountExpiring | select name,AccountExpirationDate

Use that instead. I had to adapt a lot of scripts after some PS update, I think it came out when Server 2012R2 did, but I forget the exact time.