Home » PowerShell » Get AdUsers with Password Never Expires

Get AdUsers with Password Never Expires

The main reason for setting up the Active Directory Password Policy is to ensure that all users are using sufficiently secure passwords. This can be enforced by ensuring password length, complexity, and the expiration of user accounts. As an administrator, you need to make sure to get adusers with password never expires and decide next course of action to deal with such user account.

Get-AdUser cmdlet in PowerShell has PasswordNeverExpires attribute which tells if ad user account password is set to never expire or not.

If the PasswordNeverExpires attribute value is set to $true, it means that the aduser password never expires.

In this article, we will discuss how to find get adusers with password never expires with examples.

Find Get AdUser with Password Never Expires

Using PowerShell script, to find active directory users having password never set to expires as given below

 Get-AdUser -filter { passwordNeverExpires -eq $true  -and enabled -eq $true } | Select Name, DistinguishedName

In the above PowerShell script,

Get-AdUser cmdlet uses a filter parameter to apply a filter for aduser objects where PasswordNeverExpires attribute is equal to $true and aduser is having enabled status in active directory.

It gets a list of aduser with password never expires. You can later export a list of adusers to a CSV file using the Export-CSV cmdlet as well.

The output of the above command as below

Get Aduser password never expires
Get Aduser password never expires

Cool Tip: How to get aduser creation date!


I hope the above article to find a list of adusers passwords never expire is helpful to you.

Using the GetAdUser passwordNeverExpires attribute equal to $true, you can get aduser password set to never expires.

It helps the system administrator to decide whether such ad user account having a password never expires is intentional or by mistake and decide further actions on it.

As a pro tip, you should always set password expiry to active directory user account to secure network and Active directory.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Leave a Comment