Search Expired Accounts in A.D.
10-11-2017
Below are some options you can use.
Language or Platform: Powershell
Code:
# You must comment all but 1 of the blocks below
# CHECK PASSWORD EXPIRATION
Get-ADUser -Filter * -Property * | Where {$_.Enabled -eq "True" -and $_.PasswordExpired -Eq "True"} | Select-Object DisplayName , PasswordExpired
# Get more information with password expiration
Get-ADUser -SearchBase "OU=MyOU, DC=MyDomain, DC=local" -filter * -properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet | where {$_.Enabled -eq "True"} | where {$_.PasswordNeverExpires -eq $false} | where {$_.passwordexpired -eq $true}
#CHECK ACCOUNT EXPIRATION
# Search A.D. for accounts expiring in the next 7 days
Search-ADAccount -AccountExpiring -TimeSpan "7"
# Search A.D. for accounts that already expired in the last 10 days
Search-ADAccount -AccountExpired | Where-Object {$_.AccountExpirationDate -ge ((Get-Date).AddDays(-10))}
# List A.D. accounts with their expiration information
Get-ADUser -Filter * -Properties Enabled, AccountExpirationDate, LastLogonDate | ? { `
($_.Enabled -EQ $False) -OR `
($_.AccountExpirationDate -NE $NULL -AND $_.AccountExpirationDate -LT (Get-Date)) -OR `
($_.LastLogonDate -NE $NULL -AND $_.LastLogonDate -LT (Get-Date).AddDays(-90)) }
Back