Info:
This is a utility I wrote from scratch that checks against Active Directory and let's you know the last time your users changed their password.
This is handy when you want to see whether or not
A.) You user account is set to "Password never expires" this is usually the case if the user hasn't updated their password in a really long time.
B.) You want to make sure your users follow a secure protocol and update their passwords regularly for security purposes.

This script will output a log file to the same location from where you run this script.


#Add the import and snapin in order to perform AD functions
Add-PSSnapin Quest.ActiveRoles.ADManagement -ea SilentlyContinue
Add-PSSnapin Microsoft.Exchange* -ea SilentlyContinue


Import-Module ActiveDirectory


#Clear Screen
cls


#List the domains we want to cycle through
[array]$TotalDomains="domain1.local","domain2.org","domain3.com"


#This loop checks against all 3 domains. The array of domains is defined above.
for($i=0; $i -lt $TotalDomains.Count; $i++)
{
$users = $(try {Get-ADUser -Filter{Enabled -eq $True -and SamAccountName -notlike "admin-*"} -server $($TotalDomains[$i]) -Properties SamAccountName, GivenName, Surname, telephoneNumber, mail, passwordlastset} catch {$null})

if ($users -ne $null)
{
# User EXISTS in this domain
#Write-Output "Retrieving user Last Password Changed for $($TotalDomains[$i])`r`n" | out-file "LastPasswordSet.txt" -Append

foreach ($user in $users)
{
$UsersName = $user.GivenName + " " + $user.Surname
$PasswordLastSetDate = $user.passwordlastset


Write-Output "Domain: $($TotalDomains[$i])`r`nUser: $($UsersName)`r`nPassword Last Set: $PasswordLastSetDate`r`n" | out-file "LastPasswordSet.txt" -Append
}
}
else
{
# User DOESN'T exist in this domain
#Don't do anything, just continue
}
}