Get-MgUserPasswordInfo
SYNOPSIS
Retrieves and processes user password information from Microsoft Graph and get information about the user's password, such as the last password change date, on-premises sync status, and password policies.
SYNTAX
Get-MgUserPasswordInfo [[-UserPrincipalName] <String[]>] [-PasswordPoliciesByDomainOnly]
[-ProgressAction <ActionPreference>] [<CommonParameters>]
DESCRIPTION
The Get-MgUserPasswordInfo script collects details such as the user's principal name, last password change date, on-premises sync status, and password policies.
EXAMPLES
EXAMPLE 1
Get-MgUserPasswordInfo
Retrieves password information for all users and outputs it (default behavior).
EXAMPLE 2
Get-MgUserPasswordInfo -UserPrincipalName xxx@domain.com
Retrieves password information for the specified user and outputs it.
EXAMPLE 3
Get-MgUserPasswordInfo -PasswordPoliciesByDomainOnly
Retrieves password policies for all domains only.
PARAMETERS
-UserPrincipalName
Specifies the user principal name(s) of the user(s) for which to retrieve password information.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-PasswordPoliciesByDomainOnly
If specified, retrieves password policies for domains only, without retrieving individual user information.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
{{ Fill ProgressAction Description }}
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
PSCustomObject
The script returns an array of custom PowerShell objects containing the following properties for each user:
- UserPrincipalName: The user's principal name.
- LastPasswordChangeDateTimeUTC: The last date and time the user's password was changed.
- OnPremisesLastSyncDateTimeUTC: The last date and time the user's on-premises directory was synchronized.
- OnPremisesSyncEnabled: Indicates whether on-premises synchronization is enabled for the user.
- ForceChangePasswordNextSignIn: Indicates whether the user is required to change their password at the next sign-in.
- ForceChangePasswordNextSignInWithMfa: Indicates whether the user is required to change their password at the next sign-in with multi-factor authentication.
- PasswordPolicies: The user's password policies. Can be : Empty, 'None' or 'DisablePasswordExpiration' (the last one is especially for synced users).
- PasswordNotificationWindowInDays: The number of days before the password expires that the user is notified.
- PasswordValidityPeriodInDays: The number of days before the password expires.
NOTES
Ensure you have the necessary permissions and modules installed to run this script, such as the Microsoft Graph PowerShell module. The script assumes that the necessary authentication to Microsoft Graph has already been handled with the Connect-MgGraph function. Connect-MgGraph -Scopes 'User.Read.All', 'Domain.Read.All'