powershell & Active Directory: Find all users who have “Password Never Expires” enabled using Powershell.

In domain controller environment we all have some password policies set. In some organizations the users password is expired in 60 days in some 90 or in 180 Days.

User’s password must expired in the defined period, changing password often is a good security policy.

But when we create a user account some time by mistakes we select  “Password Never Expires”.

if  the “Password never expires” checked users password never expired.

07-08-2012 13-28-44

which is not good for user’s account security.

My todays task is to find all users , who have “Password Never Expire” checked. To archive this task we are going to use “Active Directory” module and “Get-Aduser” cmdlet with Filters

Get-ADUser -Filter  'PasswordNeverExpires -eq $true'  -Server localDC | select name


07-08-2012 13-29-42

After Get-ADuser cmdlet we are using –Filter to show all those account whose “Password Never Expires value is equal to True” which means enabled,and in –server parameter i am defining my domain controller, and  we are piping the output to “Select-Object” cmdlet and selecting to show “Name” property of the output to show.

and the output is below

07-08-2012 13-29-20


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: