PowerShell Script: Users who are Inactive, passwordneverexpires, and are not disabled

Got askes this question today about seeing how many users inside an Active Directory have PasswordNeverExpires. I remember seeing the Search-ADAccount cmdlet that has this option. Doing a quick Help Search-ADAccount, I was given the swiches for this cmdlet. The Active Directory that we use has a lot of inactive accounts that we disable every 90 days inactive. I wanted to filter the disabled accounts out with the enabled accounts. Adding the Where-Object switch allowed me to do this. Next thing I wanted to do is provide a nice list of users for recoreds. Creating the headers I wanted with Select-Object and using the Export-CSV for the output file allowed me to achive this.

Search-ADAccount -PasswordNeverExpires | Where-Object {$_.Enabled -eq $True } | Select-Object name, LastLogonDate, DistinguishedName| Export-Csv C:\Temp\NoExpiration2016.csv

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s