If you need to find out when a user in Active Directory last changed their password, it’s not very hard to do.
How to Enable Advanced Features in Active Directory?
The first thing you need to do is to turn on advanced features, which is what turns on the attribute editor tab in Active Directory Users and Computers.
- Start Active Directory Users and Computers
- Click the VIEW menu item
- Click ADVANCED FEATURES
How to Find Out When a User Last Changed Their Password in Active Directory
Now go through your Active Directory Users and Computers and find the user you’re looking for. NOTE: If you do a search for them rather than manually going through the active directory and finding them yourself the tab that you need, in this case attribute editor does not appear. Yes this is a pain.
- Either double click on the user or right click on them and select PROPERTIES
- Click the ATTRIBUTE EDITOR tab
- Click inside the attribute list and type the letter “P” which should get you down to PwdLastSet
Command Line To Find Out When a User Last Changed Their Password in Active Directory
if you’re not a fan of using the GUI or you’re trying to do something through a script you might want to use a command line to figure out the last time a user changed their password in Active Directory.
- Launch a CMD window or a PowerShell or Windows Terminal.
- This does not have to be run as it administrator but can be
- Type NET USER USERNAME and press the ENTER key
- sub in the real name of the user for USERNAME above (i.e. net user imatthews)
This will show you the last time a user set their password. It will will show you
- when a user’s password expires
- when are users password becomes changeable
- if a user’s password changes required
- if a user can change their own password