Finding password age in Active Directory doesn’t have to be all that complicated
1. Net user
Open a command prompt and issue the following command:
net user username /domain
Where username is the AD logon name of a user. The output of this command should look like this:
The Last logon entry visible in the above screenshot can also be found in ADUC by navigating to the user’s account and opening the Attribute Editor tab, as below:
There is some controversy over which attribute should be used: lastLogon or lastLogonTimestamp. In my case, the lastLogon attribute is more accurate. Another quick way to do this is to use the Lockout Status tool provided by Microsoft.
2. Lockout Status tool
Bear in mind that to use this tool on a client machine rather than a server, you need to have RSAT installed.
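The attributes from section 1 can also be read with PowerShell; the following is an added example, not part of the original post, that reports password age and compares lastLogon (collected from every domain controller, because it is not replicated) with lastLogonTimestamp. It assumes the ActiveDirectory module from RSAT is installed; the function name Get-PasswordAgeReport and the logon name 'jdoe' are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (installed with RSAT).
Import-Module ActiveDirectory

function Get-PasswordAgeReport {
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName   # AD logon name, as passed to "net user ... /domain"
    )

    $props         = 'pwdLastSet', 'lastLogon', 'lastLogonTimestamp'
    $newestLogon   = 0
    $newestLogonDc = $null
    $user          = $null

    # lastLogon is stored per domain controller and never replicated,
    # so each DC is queried and the most recent value wins.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties $props -ErrorAction Stop
        } catch {
            Write-Warning "Skipping $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        $user = $u   # pwdLastSet and lastLogonTimestamp replicate, any DC will do
        if ($u.lastLogon -gt $newestLogon) {
            $newestLogon   = $u.lastLogon
            $newestLogonDc = $dc.HostName
        }
    }
    if (-not $user) { throw "No domain controller returned '$SamAccountName'." }

    # All three attributes are FILETIME integers; 0 or empty means "never".
    $toDate = { param($ft) if ($ft -gt 0) { [DateTime]::FromFileTimeUtc($ft) } }
    $pwdSet = & $toDate $user.pwdLastSet

    [pscustomobject]@{
        User                  = $user.SamAccountName
        PasswordLastSetUtc    = $pwdSet
        PasswordAgeDays       = if ($pwdSet) { [math]::Floor(([DateTime]::UtcNow - $pwdSet).TotalDays) }
        LastLogonUtc          = & $toDate $newestLogon          # exact, newest across DCs
        LastLogonDC           = $newestLogonDc
        LastLogonTimestampUtc = & $toDate $user.lastLogonTimestamp  # replicated, can lag by days
    }
}

Get-PasswordAgeReport -SamAccountName 'jdoe'   # 'jdoe' is a placeholder logon name
```

An empty PasswordLastSetUtc means pwdLastSet is 0, which is the state of an account that must change its password at next logon.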