powershell password expiry help


I am very new to powershell. I am trying to write scripts in order to practice and get better. Unfortunately I am terrible at this currently.

I am trying to write a script to output to the window if an AD user password was set more than or less than 100 days ago.

Currently I have the below, I am not sure whether I am completely wrong or close, any help is much appreciated and if someone could explain where I have gone wrong this would also be appreciated.

import-module activedirectory

$user = Get-ADUser -Identity “remotelabs” -Properties *

$PWLS = $user.PasswordLastSet

$date = get-date

if ($PWLS -gt $date.Day.100)
{Write-host “this needs changing”}
Elseif ($PWLS -lt $date.Day.100)
{Write-Host “This doesn’t need changing”}

thank you in advance,

You’re nearly there.

To get the date you want to compare against, i.e. the date 100 days ago, you need to use the AddDate method.


You’ve got your logic the wrong way round as well. Yesterday’s date is less than today’s date. So it should be

if ($PWLS -lt $date.AddDays(-100))
{Write-host "this needs changing"}
 Elseif ($PWLS -gt $date.AddDays(-100))
 {Write-Host "This doesn't need changing"}

If you want to accelerate your learning, I really recommend starting with PowerShell in a Month of Lunches.


Thank you very much for replying and I’m glad I was nearly there.

I understand that you need .adddays as the property now.

I thought -lt -100 would be less than 100 days old (in the above code). But I guess I should read this as less than -100 so anything 100+(101,102) etc.

Thanks again,

Here are helpful resources for your reference.