Powershell is very powerfull and essential for querying Active Directory.  Here is an easy way to use powershell to find Users in Active Directory with the setting set to never have the password expire.  All the examples given here are setup to export the results into a CSV file and save to the C:\Temp folder.  You can easily edit this to your liking.  Please comment below if you have a request for something to be covered.  More blogs to come on this subject!


Get Users with Password Never Expires:


Example 1:

This will pull the User Name and PasswordNeverExpires property for all Active accounts.  File will be saved to C:\Temp\PasswordNeverExpires.csv


get-aduser -filter * -properties Name, PasswordNeverExpires | where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"} | select name, passwordneverexpires | export-csv c:\temp\PasswordNeverExpires.csv



Example 2:

Here is a more advanced example that will find all Active Users in Active Directory that have the setting set for Password Never Expires and will return the OU they belong to, Department and also the Last Logon Date.


get-aduser -filter * -properties *  | where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"} | select name, passwordneverexpires, lastlogondate, department, @{n='OU';e={$_.canonicalname -replace "/$($_.cn)",""}} | export-csv c:\temp\PasswordNeverExpires.csv