Last time I had to list all account with no-expire password enabled.
I prepared simple script to check it.
1 |
get-aduser -filter 'enabled -eq "true"' -properties Name, PasswordNeverExpires | where {$_.passwordNeverExpires -eq "true" } | Select-Object DistinguishedName,Name,Enabled,passwordNeverExpires |
The result will show all enabled accounts which has no expire password.
Of course, we can limit it to some specified OU and in below command I extended to have listed also accounts which are disabled.
1 |
get-aduser -filter * -properties Name, PasswordNeverExpires -SearchBase "OU=Users,DC=domain,DC=local" | where {$_.passwordNeverExpires -eq "true" } | Select-Object Name,Enabled,passwordNeverExpires |