Home ยป PowerShell ยป Get AdUsers with Password Never Expires

Get AdUsers with Password Never Expires

by

The main reason for setting up the Active Directory Password Policy is to ensure that all users are using sufficiently secure passwords. This can be enforced by ensuring password length, complexity, and the expiration of user accounts.

As an administrator, you need to make sure to get adusers with password never expires and decide the next course of action to deal with a such user account.

Get-AdUser cmdlet in PowerShell has the PasswordNeverExpires attribute which tells if the ad user account password is set to never expire or not.

If the PasswordNeverExpires attribute value is set to $true, it means that the aduser password never expires.

In this article, we will discuss how to find get adusers with password never expires with examples.

Table of Contents hide
1 Find Get AdUser with Password Never Expires
2 Conclusion

Find Get AdUser with Password Never Expires

Using PowerShell script, to find active directory users having password never set to expire as given below

 Get-AdUser -filter { passwordNeverExpires -eq $true  -and enabled -eq $true } | Select Name, DistinguishedName

In the above PowerShell script,

Get-AdUser cmdlet uses a filter parameter to apply a filter for aduser objects where the PasswordNeverExpires attribute is equal to $true and the aduser is having enabled status in the active directory.

It gets a list of aduser with password never expires. You can later export a list of adusers to a CSV file using the Export-CSV cmdlet as well.

The output of the above command as below

Get Aduser password never expires
Get Aduser password never expires

Cool Tip: How to get aduser creation date!

Conclusion

I hope the above article to find a list of adusers passwords never expire is helpful to you.

Using the GetAdUser passwordNeverExpires attribute equal to $true, you can get the aduser password set to never expires.

Cool Tip: How to use reset active directory password in PowerShell!

It helps the system administrator to decide whether such an ad user account having a password never expires is intentional or by mistake and decide further actions on it.

As a pro tip, you should always set password expiry to the active directory user account to secure the network and Active directory. Read more about how to check the password policy in the active directory.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.