How to generate and export account expired users report using Powershell

The following is a comparison between getting a list of all users whose accounts have expired with Windows PowerShell and ADManager Plus.

Windows PowerShell

Steps to obtain Account Expired Users report using PowerShell:

  • Identify the domain from which you want to retrieve the report.
  • Identify the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • The script should contain functions to identify the account expiration date by the conditions such as Account Expiration Date LDAP value not equal to Null and Account Expiration Date LDAP less than equal to the current date.
  • Execute it in Windows PowerShell.
  • To obtain the report in a different format, modify the script according to the needs of the user.

Sample Windows PowerShell script to get a list of expired AD users

 Copied
                  	$OutFile = 'C:\Scripts\AccountExpiredUsers.csv' # your output file
Get-ADUser -Filter * -Properties Name, Enabled, AccountExpirationDate, LastLogonDate | ? {($_.AccountExpirationDate -NE $NULL -AND $_.AccountExpirationDate -LT (Get-Date)) }  | foreach {Add-Content -path $OutFile "$($_.Name),$($_.Enabled)"}
Click to copy entire script

ADManager Plus

To obtain the report,

  • Navigate to Reports> User Reports > Account expired users.
  • Select a domain and OU. Click Generate.
  • Select Export as to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).

Screenshot

Find account expired Active Directory users using ADManager Plus
 

ยป Start 30-day Free Trial

Following are the limitations of obtaining reports on account expired users using native tools like Windows PowerShell:

  • We can run this script only from the computers which have Active Directory Domain Services role.
  • For accurate data, DC and the machine in which the script is executed must be in same time zone, else additional filters have to be employed .
  • Difficult to change date formats.
  • Difficult to apply different time zones on the date results.
  • Complexity in obtaining report in different formats.
  • Applying more filters, like OU or 'User name starts with' will increase the LDAP query complexity.

ADMP offers a preconfigured report to find the list of account expired users across multiple domains or from a specific OU at the click of a button. You can learn more about this report here.

  • Embark on your script-free AD management, reporting, and automation journey with ADManager Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thanks
  • Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Powershell How-to Guides:

Email Download Link