non expiring and enabled/disabled in ADUC

Posted on 2014-02-11
Medium Priority
Last Modified: 2014-02-20
is there anyway in ad users and computers to run a report of all users who have non-expiring password, and also their account status, i.e. enabled or disabled?
Question by:pma111
LVL 17

Expert Comment

by:Lior Karasenti
ID: 39849743
This script can help you to find all the none expired passwords:


Author Comment

ID: 39849746
i dont want to use a script i want to use aduc, thanks.
LVL 11

Accepted Solution

Manjunath Sullad earned 2000 total points
ID: 39849795
open ADUC and do the following.

Right-click Saved Queries and click the New-Query option
Type in a name for your saved query, such as Find all Non expiring PW Users
Click the Define Query button
Under the Find drop-down list, select Custom Search
Click the Advanced tab
Type in (objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)
Click the OK button to save the custom entry, then click on the OK button to save the query
Now you should see all users with the flage pw never expires

Click the Export List button from the top of the ADUC windows and save to txt file.

Refer : http://social.technet.microsoft.com/Forums/windowsserver/en-US/e979eb85-8269-4004-bc71-18d9b49d4416/how-to-check-list-users-in-my-ad-configured-with-password-never-expires?forum=winserverDS
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.


Author Comment

ID: 39849797
will this list account status i.e. enabled/disabled?
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39849817
You need to export disabled user list seperately, then compare with password never expiry list.

Refer below link to export disabled user list.


Export these two list to excel and compare these list, You will get Password never expiry with account disabled / enabled user list.
LVL 40

Expert Comment

ID: 39849976
You could use Bulk AD users Freeware tool from Wise soft

There is option called properties to load where you can put whatever attributes you are looking and then export this list to csv file

The search scope can be entire domain, OU or simply users list if you already have

To check account status add userAccountControl attribute and to check if it is having non expiring password add accountExpires

Tool can be run on any server \ client OS from 2003 and do not require PowerShell



Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
In this article, we will discuss how you can secure Active Directory using free tools, and how you can choose a safe and secure Active Directory security auditing tool.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

586 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question