• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

ad report non-expiring accounts

I need an AD report ideally using a free tool/command line tool to list all AD users who are exempt from password expiry including the fields

username, password last set date, status (i.e. disabled/enabled).

Please provide recommendations on the tool and the appropriate syntax.
1 Solution
pma111Author Commented:
can it be done in adfind? http://www.joeware.net/freetools/
helpfinderIT ConsultantCommented:
without need to install anything special you can use AD Users and computers and create query here - non-expiring passwords
you will get list of users with password set to never expires and their names, also you can see if it is disabled or not (or you can do a similar query for disabled accounts)
You wont see last changed password in the table but in each user attribute properties you should be able to see also this.
If this is not sufficient for you I guess you can achieve this using PowerShell

pma111Author Commented:
in add/remove columns, which column will show "account status". I couldnt see anything obvious. In fact I have added all columns and I cant see which are disabled/enabled. I cant check them all manually as there are >1000 accounts.
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Please have a look at this application. Its freeware but up to some limitation on the number of users.

Hope it helps.

pma111Author Commented:
The first solution worked if I ticked both options, but ideally I wanted a single report, i.e all non expiring accounts, and then their status (i.e. enabled/disabled), rather than 2 reports for the 2 different criteria, but maybe I can merge them in some other software like access.
Will SzymkowskiSenior Solution ArchitectCommented:
You can accomplish this using the Native powershell commands. See below...

Import-module activedirectory
Get-ADUser -Filter * -Properties * | ? {$_.PasswordNeverExpires -eq "true"} | select name, samaccountname, PasswordNeverExpires, Enabled

Open in new window

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now