Using the Active Directory Modules included with Windows 7 and Windows 2008 R2, we can use PowerShell to identify computer accounts which are “stale” and have not changed their passwords in a specified amount of time.
Define the Window for “Stale”
This example uses a window of 365 days.
PS> $LastSetDate = [DateTime]::Now - [TimeSpan]::Parse("365")
Count the Number of PCs which are Stale
PS> # Count the computer objects themselves; piping to ft first would count formatting records instead
PS> @(Get-AdComputer -Filter {PasswordLastSet -le $LastSetDate} -Properties PasswordLastSet -ResultSetSize $null).Count
Output a List of the Computer Accounts
PS> (Get-AdComputer -Filter {PasswordLastSet -le $LastSetDate} -Properties PasswordLastSet -ResultSetSize $null | ft SamAccountName,PasswordLastSet)
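
The two steps above can be combined into one report. This is an added example, not part of the original post; it goes a little further by also checking LastLogonDate and the Enabled flag so that accounts which are still logging on can be separated from ones that are truly unused. The function name Get-StaleComputer and the CSV file name are hypothetical.

```powershell
# Added example; Get-StaleComputer and stale-computers.csv are hypothetical names.
Import-Module ActiveDirectory

function Get-StaleComputer {
    param([int]$Days = 365)   # same 365-day window as the post

    $now    = Get-Date
    $cutoff = $now.AddDays(-$Days)

    # Same server-side filter as the post, with extra properties for triage.
    Get-ADComputer -Filter {PasswordLastSet -le $cutoff} `
                   -Properties PasswordLastSet, LastLogonDate, OperatingSystem `
                   -ResultSetSize $null |
        Select-Object SamAccountName, Enabled, OperatingSystem,
                      PasswordLastSet, LastLogonDate,
            @{Name = 'PasswordAgeDays'; Expression = {
                # PasswordLastSet can be empty; leave the age blank in that case.
                if ($_.PasswordLastSet) { [int]($now - $_.PasswordLastSet).TotalDays }
            }},
            @{Name = 'NoRecentLogon'; Expression = {
                # LastLogonDate is derived from lastLogonTimestamp, which replicates
                # with a delay of up to about two weeks; fine for a window in months.
                (-not $_.LastLogonDate) -or ($_.LastLogonDate -le $cutoff)
            }}
}

# Keep objects (not formatted text) so they can be counted, filtered and exported.
$stale = @(Get-StaleComputer -Days 365)
"{0} computer accounts have a password older than 365 days" -f $stale.Count

# Still enabled and with no recent logon either: the accounts to review first.
$stale |
    Where-Object { $_.Enabled -and $_.NoRecentLogon } |
    Sort-Object PasswordLastSet |
    Export-Csv -Path .\stale-computers.csv -NoTypeInformation

# Enabled accounts that are still logging on but not rotating their password.
$stale |
    Where-Object { $_.Enabled -and -not $_.NoRecentLogon } |
    Format-Table SamAccountName, PasswordLastSet, LastLogonDate -AutoSize
```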