Technology Made Simple
Tuesday November 29th 2022



Q&A Monday: Domain Password Last Changed


I am in a situation on where I need to find out when the last time a user changed their network password.  Our domain policy forces the change in account passwords every 120 days, and a user is claiming that it’s been longer than that, I checked the GPO and everything looks OK, but is there a way to actually check the last time someone changed their password?


I’ve run into this situation before, where a user is unsure when the password was changed and believed it was way passed due.  I did some searching around the internet and found a couple of scripts that would do this for you.  After testing out a bunch of scripts, I found one that would do what I wanted and was actually easy to you.  This script came from  It was very simple to run, and gave me password last set dates for every user in my domain.  Here’s how I did it.

  1. I downloaded the program from the website – direct download link here
  2. I renamed the PwdLastChanged.txt to PwdLastChanged.vbs (renaming this file to a VB Script so we can run it)
  3. Open up a command prompt and browse to where you downloaded the script (for me it was my C: drive)
  4. run the following command: cscript //nologo PwdLastChanged.vbs “c:\Report.txt”
    NOTE: the C:\Report.txt can be changed to whatever you want
  5. You browse to the location of C:\Report.txt (or wherever you pointed it) and you have two options
    1. You can just open the Report.txt file and look at the information
    2. I renamed the Report.txt file to Report.csv and opened with Excel and made the information  more readable.

Now this script is not only handy for finding out when a user is due for a password change.  I’ve also been able to use this script to find out accounts that are not in use anymore.  Because if a password falls outside of the set password expiration time, you can assume that the account hasn’t been used in that time frame.  For example, your password changes are forced every 4 months, and you see accounts with 8+ months since the password has been changed, it may be an old inactive account.  Now this wont work for everyone, but it is a good place to start.

If  you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at, and he’ll try to answer your question.  Check back every Monday for a new Question and Answer session, and check back Wednesday and Friday for other technical insightes.

Leave a Reply