When was the Last Password Changed for a User Account in Active Directory

Using various tools, you can check the Last Password Changed information for a user account in Active Directory. The information for last password changed is stored in an attribute called “PwdLastSet”.

You can check the value of “PwdLastSet” using either ADSIEdit tool or DSQuery. ADSIEdit tool shows the value in human readable format. DSQuery returns the attribute value in decimal format but it is easier to query PwdLastSet value for all users using DSQuery command.

There are two commands you need to run if you are using the DSQuery method; “DSQuery” and “W32tm.exe with /ntte” switch.

W32tm.exe with /mute switch is used to convert decimal to human readable timestamp format. For example, to get the PwdLastSet for a user account, run the following command:

  • DSQuery * “CN=TestUser,CN=Users,DC=<YourDomainName>, DC=<Com>” –Attr PwdLastSet

After running above command, the output is returned in decimal format as shown below:

PwdLastSet: 130187706386006320

Next, run the W32tm.exe /ntte <decimal value> command to get the timestamp in human readable format as stated below:

  • w32tm.exe /ntte 130187706386006320

150680 05:10:38.6006320 – 7/19/2013 10:10:38 PM

About Nirmal Sharma

Nirmal is a MCSEx3, MCITP and was awarded Microsoft MVP award in Directory Services. He is specialized in Directory Services, Microsoft Clustering, Hyper-V, SQL and Exchange and has been involved in Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles. Nirmal can be reached at ni[email protected].


About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top