Trigat

Search Expired Accounts in A.D.

10-11-2017

Below are some options you can use.

Language or Platform: PowerShell

Code:

# Run one block at a time: comment out all but 1 of the blocks below

# CHECK PASSWORD EXPIRATION
# List enabled accounts whose password has expired (requests only the properties it displays)
Get-ADUser -Filter * -Properties DisplayName, PasswordExpired | Where-Object {$_.Enabled -eq $true -and $_.PasswordExpired -eq $true} | Select-Object DisplayName, PasswordExpired

# Get more information with password expiration
# Scoped to one OU; MyOU and MyDomain are placeholders for your own names
Get-ADUser -SearchBase "OU=MyOU,DC=MyDomain,DC=local" -Filter * -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet | Where-Object {$_.Enabled -eq $true -and $_.PasswordNeverExpires -eq $false -and $_.PasswordExpired -eq $true}


# CHECK ACCOUNT EXPIRATION
# Search A.D. for accounts expiring in the next 7 days
# -TimeSpan takes d.hh:mm:ss; a bare integer 7 would be read as 7 ticks, not 7 days
Search-ADAccount -AccountExpiring -TimeSpan "7.00:00:00"

# Search A.D. for accounts that already expired in the last 10 days
Search-ADAccount -AccountExpired | Where-Object {$_.AccountExpirationDate -ge ((Get-Date).AddDays(-10))}


# List A.D. accounts that are disabled, already expired, or have not logged on in the last 90 days
# Note: LastLogonDate comes from lastLogonTimestamp, which replicates with a delay of up to about 14 days
Get-ADUser -Filter * -Properties Enabled, AccountExpirationDate, LastLogonDate | Where-Object {
($_.Enabled -eq $false) -or
($null -ne $_.AccountExpirationDate -and $_.AccountExpirationDate -lt (Get-Date)) -or
($null -ne $_.LastLogonDate -and $_.LastLogonDate -lt (Get-Date).AddDays(-90)) }
