Hi,
There are 2 ways to set the password policy in AD:
One is to configure it through GPO: Default Domain Policy
https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-policy
One is the FGPP (only for users and groups):
https://learn.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad
When using “net user samAccountName /domain”, the value returned by “Password expires” doesn’t take the fine-grained policies into consideration.
It only shows the domain password policy.
You can consider the following PowerShell commands to confirm the password expiry date.
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "DisplayName", @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Get-ADUserResultantPasswordPolicy USERNAME
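
The two commands above can be combined per user, as an added example that is not part of the original answer. It assumes the ActiveDirectory (RSAT) module and read access to the domain; the function name `Get-EffectivePasswordExpiry` and the account `jdoe` are hypothetical. It also handles the two sentinel values of `msDS-UserPasswordExpiryTimeComputed` that are not dates.

```powershell
# Added example: report which policy governs a user and when the password expires.
Import-Module ActiveDirectory

function Get-EffectivePasswordExpiry {
    param(
        [Parameter(Mandatory)]
        [string]$Identity   # samAccountName, DN, GUID or SID
    )

    $user = Get-ADUser -Identity $Identity -Properties DisplayName,
        PasswordLastSet, 'msDS-UserPasswordExpiryTimeComputed'

    # Returns $null when no fine-grained policy (PSO) applies to the user,
    # in which case the domain-wide policy is the effective one.
    $pso = Get-ADUserResultantPasswordPolicy -Identity $user
    if ($pso) {
        $policyName = "FGPP: $($pso.Name)"
        $maxAge     = $pso.MaxPasswordAge
    } else {
        $policyName = 'Domain password policy'
        $maxAge     = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    }

    # The computed attribute is a FILETIME. Two values are sentinels:
    #   Int64.MaxValue -> password never expires (FromFileTime would throw)
    #   0              -> pwdLastSet is 0, user must change password at next logon
    $raw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
    if ($raw -eq [int64]::MaxValue) {
        $expiry = 'Never'
    } elseif ($raw -eq 0) {
        $expiry = 'Must change at next logon'
    } else {
        $expiry = [datetime]::FromFileTime($raw)
    }

    [pscustomobject]@{
        SamAccountName  = $user.SamAccountName
        DisplayName     = $user.DisplayName
        EffectivePolicy = $policyName
        MaxPasswordAge  = $maxAge
        PasswordLastSet = $user.PasswordLastSet
        ExpiryDate      = $expiry
    }
}

# Usage (constructed account name):
#   Get-EffectivePasswordExpiry -Identity 'jdoe'
```

If `ExpiryDate` here differs from the “Password expires” line of `net user`, the `EffectivePolicy` column shows which fine-grained policy accounts for the difference.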