Solved

ad report non-expiring accounts

Posted on 2013-12-19
6
248 Views
Last Modified: 2014-01-02
I need an AD report ideally using a free tool/command line tool to list all AD users who are exempt from password expiry including the fields

username, password last set date, status (i.e. disabled/enabled).

Please provide recommendations on the tool and the appropriate syntax.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Author Comment

by:pma111
ID: 39728868
can it be done in adfind? http://www.joeware.net/freetools/
0
 
LVL 19

Accepted Solution

by:
helpfinder earned 500 total points
ID: 39728897
without need to install anything special you can use AD Users and computers and create query here - non-expiring passwords
you will get list of users with password set to never expires and their names, also you can see if it is disabled or not (or you can do a similar query for disabled accounts)
You wont see last changed password in the table but in each user attribute properties you should be able to see also this.
If this is not sufficient for you I guess you can achieve this using PowerShell

sample
0
 
LVL 3

Author Comment

by:pma111
ID: 39728910
in add/remove columns, which column will show "account status". I couldnt see anything obvious. In fact I have added all columns and I cant see which are disabled/enabled. I cant check them all manually as there are >1000 accounts.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 3

Expert Comment

by:Detlef001
ID: 39728948
Please have a look at this application. Its freeware but up to some limitation on the number of users.

Hope it helps.

Thanks.
0
 
LVL 3

Author Comment

by:pma111
ID: 39728956
The first solution worked if I ticked both options, but ideally I wanted a single report, i.e all non expiring accounts, and then their status (i.e. enabled/disabled), rather than 2 reports for the 2 different criteria, but maybe I can merge them in some other software like access.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39729033
You can accomplish this using the Native powershell commands. See below...

Import-module activedirectory
Get-ADUser -Filter * -Properties * | ? {$_.PasswordNeverExpires -eq "true"} | select name, samaccountname, PasswordNeverExpires, Enabled

Open in new window


Will.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question