How to generate and export account expired users report

The following is a comparison between obtaining a report on users whose accounts have expired with Windows PowerShell and ADManager Plus.

Windows PowerShell

Steps to obtain group policy settings using PowerShell:

  • Identify the domain from which you want to retrieve the report.
  • Identify the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • The script should contain functions to identify the Account expiration date by the conditions such as Account Expiration date LDAP value not equal to Null and Account Expiration date LDAP less than equal to the current date. 
  • Execute it in Windows PowerShell.
  • To obtain the report in a different format, modify the script accordingly to the needs of the user.

Sample Windows PowerShell script

 Copied
                  	$OutFile = 'C:\Scripts\AccountExpiredUsers.csv' # your output file
Get-ADUser -Filter * -Properties Name, Enabled, AccountExpirationDate, LastLogonDate | ? {($_.AccountExpirationDate -NE $NULL -AND $_.AccountExpirationDate -LT (Get-Date)) }  | foreach {Add-Content -path $OutFile "$($_.Name),$($_.Enabled)"}
Click to copy entire script

ADManager Plus

To obtain the report,

  • Select Account Expired Users from User Reports section. 
  • Select domain and OU. Click Generate .
  • Select Export as to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).

Screenshot

A screenshot of ADManager Plus with all the expired Active Directory users in the domain
 

» Start 30-day Free Trial

Following are the limitations to obtain report of account expired users using native tools like Windows PowerShell:

  • We can run this script only from the computers which has Active Directory Domain Services role.
  • For accurate data, DC and the machine in which the script is executed must be in same time zone, else additional filters have to be employed .
  • Difficult to change date formats.
  • Difficult to apply different time zones on the date results.
  • Complexity in obtaining report in different formats.
  • Applying more filters, like OU or 'User name starts with' will increase the LDAP query complexity.

ADManager Plus offers a feature of 'Account Expired Users' in Account Status section from User Reports which gives the report in a single step.

Email Download Link