Password never expires status
Password never expires status

With this little script, you will have a status on the user account “Password never expires” flag. This check is done on a specific OU. You can adapt the script to run it on a domain-wide.

The principe of the script is simple :

  • first, list all the user account with the “Password never expires” flag
  • after that, list all the user accounts
  • and finally, compare both lists created above to get the status
$ou = "OU=Users and Groups,DC=domain,DC=local"

#list all user account with the flag Password never expires = true
$passwordneverexpires_arr = search-adaccount -PasswordNeverExpires -SearchBase $ou | % {$_.DistinguishedName}
#list all user object in the ou $ou
$all_arr = get-aduser -filter * -SearchBase $ou | % {$_.DistinguishedName}

$all_arr | % {
	#compare both array and print result
	if ($passwordneverexpires_arr -match $_) { write-host -foreground green "password never expires true for $_ "} 
	else {write-host -foreground red "password never expires false for $_"}

The powershell cmdlet search-adaccount is very useful. It can used also to perform these tasks :

You can find more information with this powershell cmdlet here.

For the get-aduser cmdlet, you can go here.

My Powershell script categories

Password never expires status

Leave a Reply

Your email address will not be published.