Solved

ad report non-expiring accounts

Posted on 2013-12-19
6
242 Views
Last Modified: 2014-01-02
I need an AD report ideally using a free tool/command line tool to list all AD users who are exempt from password expiry including the fields

username, password last set date, status (i.e. disabled/enabled).

Please provide recommendations on the tool and the appropriate syntax.
0
Comment
Question by:pma111
6 Comments
 
LVL 3

Author Comment

by:pma111
ID: 39728868
can it be done in adfind? http://www.joeware.net/freetools/
0
 
LVL 19

Accepted Solution

by:
helpfinder earned 500 total points
ID: 39728897
without need to install anything special you can use AD Users and computers and create query here - non-expiring passwords
you will get list of users with password set to never expires and their names, also you can see if it is disabled or not (or you can do a similar query for disabled accounts)
You wont see last changed password in the table but in each user attribute properties you should be able to see also this.
If this is not sufficient for you I guess you can achieve this using PowerShell

sample
0
 
LVL 3

Author Comment

by:pma111
ID: 39728910
in add/remove columns, which column will show "account status". I couldnt see anything obvious. In fact I have added all columns and I cant see which are disabled/enabled. I cant check them all manually as there are >1000 accounts.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:Detlef001
ID: 39728948
Please have a look at this application. Its freeware but up to some limitation on the number of users.

Hope it helps.

Thanks.
0
 
LVL 3

Author Comment

by:pma111
ID: 39728956
The first solution worked if I ticked both options, but ideally I wanted a single report, i.e all non expiring accounts, and then their status (i.e. enabled/disabled), rather than 2 reports for the 2 different criteria, but maybe I can merge them in some other software like access.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39729033
You can accomplish this using the Native powershell commands. See below...

Import-module activedirectory
Get-ADUser -Filter * -Properties * | ? {$_.PasswordNeverExpires -eq "true"} | select name, samaccountname, PasswordNeverExpires, Enabled

Open in new window


Will.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Active Directory Account getting mysteriously locked 13 73
exchange, active directory 3 52
exchange, active directory 9 33
Changing logon server question 5 65
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question