Get-QADUser username | Format-List *Password* – provides a handy list of password properties for an Active Directory user account including the age and expiration date.
Here’s what I got for one of the accounts in my domain:
Get-QADUser username | Format-List *Password*
PasswordLastSet : 2/5/2010 7:31:16 PM
PasswordAge : 60.21:51:12.2086957
PasswordExpires : 5/6/2010 7:31:16 PM
PasswordNeverExpires : False
UserMustChangePassword : False
PasswordIsExpired : False
PasswordStatus : Expires at: Thursday, May 06, 2010
This can obviously used across multiple accounts to create handy reports, let users know in advance that their passwords are about to expire, and so on.