asked on
ad report non-expiring accounts
I need an AD report ideally using a free tool/command line tool to list all AD users who are exempt from password expiry including the fields
username, password last set date, status (i.e. disabled/enabled).
Please provide recommendations on the tool and the appropriate syntax.
username, password last set date, status (i.e. disabled/enabled).
Please provide recommendations on the tool and the appropriate syntax.
Active Directory
Last Comment
Will Szymkowski
ASKER
can it be done in adfind? http://www.joeware.net/freetools/
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
in add/remove columns, which column will show "account status". I couldnt see anything obvious. In fact I have added all columns and I cant see which are disabled/enabled. I cant check them all manually as there are >1000 accounts.
Please have a look at this application. Its freeware but up to some limitation on the number of users.
Hope it helps.
Thanks.
Hope it helps.
Thanks.
ASKER
The first solution worked if I ticked both options, but ideally I wanted a single report, i.e all non expiring accounts, and then their status (i.e. enabled/disabled), rather than 2 reports for the 2 different criteria, but maybe I can merge them in some other software like access.
You can accomplish this using the Native powershell commands. See below...
Will.
Import-module activedirectory
Get-ADUser -Filter * -Properties * | ? {$_.PasswordNeverExpires -eq "true"} | select name, samaccountname, PasswordNeverExpires, Enabled
Will.