Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Using a password expiration policy is a best practice that makes it harder for attackers to crack user credentials. Most organizations enforce a password expiration period (for example, 90 days) on regular user accounts, but in some cases, administrators set a password to never expire for select domain user accounts in Microsoft Windows Server 2016, 2012, 2008, 2003.
However, letting this practice spiral out of control can seriously jeopardize IT security. To keep tabs on accounts exempt from password expiration, many administrators turn to the trusty Active Directory module for Windows PowerShell, performing an AD query to list users with the Password Never Expires attribute set to “True.”
1. Open the Powershell ISE → Create a new script with the following code and run it, specifying the path for export:
# Import the AD module to the session
Import-Module ActiveDirectory
#Search for the users and export report
get-aduser -filter * -properties Name, PasswordNeverExpires | where {
$_.passwordNeverExpires -eq "true" } | Select-Object DistinguishedName,Name,Enabled |
Export-csv c:\data\pw_never_expires.csv -NoTypeInformation
2. Open the file produced by the script in MS Excel.
https://img.netwrix.com/howtos/Excel_8.png
Originally posted: https://www.netwrix.com/how_to_get_list_of_users_with_password_never_expires.html