How to get the list of all Active Directory user accounts that never expire using PowerShell
To fetch the list of all Active Directory (AD) user accounts for which the account expiration date is not set, the Get-ADUser cmdlet will have to be used with appropriate filters. There is no cmdlet specifically to fetch AD user accounts which never expire.
This article compares the process of listing all AD user accounts which will never expire, using PowerShell and ADManager Plus. It will also explain why ADManager Plus, with its predefined reports for every purpose, including fetching all user accounts with account never expires selected for them, is the easier option among the two.
Windows PowerShell
Steps to get all AD user accounts with account never expires set, using PowerShell.
- Ensure you have the necessary permissions to perform this action, and also to execute PowerShell scripts.
- Create the script using the Get-ADUser cmdlet, and execute it in the PowerShell window.
A sample PowerShell script to enable an AD account
Copied
Get-ADUser -Filter {AccountExpirationDate -eq null} -Properties AccountExpirationDate | Select sAMAccountName, Enabled
Click to copy entire script
This script will list all AD domain users for whom account expiration date is not set. If you wish to export the report in a specific format, the script has to be modified, by adding the required format and the location to store the exported file.
ADManager Plus
To list all AD users with no expiration date set,
- Select the Account Never Expires Users report from User Reports, under the Reports tab.
- Select the domains from which you wish to this report, and click Generate. Click the Export as option and select the format to export the report.
Screenshot
» Start 30-day Free Trial
Right from the report, you can enable/disable/delete users, modify their attributes, reset password, modify group membership, and more, using the report's built-in management options.
Limitations of using PowerShell to get all account never expires AD users
- You will not be able to generate the account never expires AD users report using PowerShell if you do not have enough privileges in the AD domains from which you wish to generate this report. With ADManager Plus, users' privileges in native AD doesn't have to be elevated to enable user AD accounts.
- To export the report in a specific format using PowerShell, the script has to be modified. With ADManager Plus though, there is a built-in Export as option which allows you to export the report in CSV, PDF, HTML, or XLSX format at just the click of a mouse button.
- If you wish to search the generated report for specific entries, the PowerShell script doesn't offer any option. Nor does it offer any means to manage the user accounts from the report. ADManager Plus on the other hand offers a built-in search and on-the-fly management actions in all its reports to locate any user AD account easily and move, enable/disable, delete, reset passwords, modify group membership, create Exchange mailbox and more, for the desired user accounts, right from the report.
- You must know how to run the scripts from the PowerShell window. ADManager Plus is purely GUI-based, allowing you to perform all management and reporting actions with just mouse clicks from its web-based console.
- Just a misplaced hyphen, a misspelt LDAP attribute name or cmdlet parameter for which you don't have permissions could lead to errors. ADManager Plus lets you perform all the desired management and reporting operations with purely mouse-click based actions.