We have an Azure AD user in our B2B tenant we would like to calculate when the password will expire. I cannot seem to find a way to do this in Azure. I've tried get-azureaduser select-object * and I can see a bunch of properties, but not any I'm looking for. I can see the "PasswordNeverExpires" is set to False, but how do I find out further details (when pwd was last set, when will it expire, etc).
Thanks in advance.
B2B users don't authenticate against your Azure AD instance, their passwords are managed in the home tenant. Thus you cannot get this information.
For a regular user, you can calculate the expiration date based on the LastPasswordChangeTimestamp value and the corresponding password policy settings. There are sample scripts available online if you need a ready to use solution. Again, that's for your own users, not guests.
Sorry, I probably worded this wrong. We have an Azure tenant, and in that tenant we have an Azure Active Directory, this is where that user account lives. It is a cloud only account, it is not synced with any on premise directory, etc.
The command that gives me 'some' properties is this one:
Get-AzureADUser -ObjectId user@mytenant.onmicrosoft.com | Select-Object *
But I'm looking to find out when this user changed pwd so I can calculate when it'll expire.
Does that help?
The Azure AD module is still lacking for some operations and some attributes are not exposed there, use the good old MSOnline module instead. Or call the Graph API directly if you prefer
wow, frustrating to have to use msonline module! But thanks for suggesting that, I didn't try it because I hadn't used that for years. . . . but it worked. Too bad MS couldn't add that to the new modules
I wonder if the attribute "RefreshTokensValidFromDateTime" when doing a get-azureaduser property represents the last password change? Can someone verify that?
6 People are following this question.
