App Muncher

Issues faced - solutions identified - shared with community.


Recently i had to fetch the list of AD users where PasswordNeverExpires was selected.

I used the following powershell script's to fetch the required data



  • Filtered records where accounts were enabled and PNE was set to TRUE. Extracted NAME and PNE Status.

    get-aduser -filter * -properties Name, PasswordNeverExpires | where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"}


  • Filtered records where accounts were enabled and PNE was set to TRUE. Extracted NAME, ObjectClass and PNE Status.

    Get-ADUser -filter { (PasswordNeverExpires -eq $true) -and (enabled -eq $true)} -searchbase "OU=,OU=,DC=,DC=" -Properties Surname,givenname, userprincipalName,PasswordNeverExpires| FT Name,ObjectClass,PasswordNeverExpires -A


  • Filtered records where accounts were enabled and PNE was set to TRUE. Extracted NAME, SAM Account Name, ObjectClass and PNE Status.

    Get-ADUser -filter { (PasswordNeverExpires -eq $true) -and (enabled -eq $true)} -searchbase "OU=,OU=,DC=,DC=" -Properties *, Surname,givenname, userprincipalName,PasswordNeverExpires| FT Name,ObjectClass,PasswordNeverExpires -A



Went through the following Microsoft Links to figure this.

  1. Link1
  2. Link2


Hope all uah folks find this useful.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Copyright 2023, App Muncher. All rights Reserved.
| Designed by AppMuncher