How to generate a report on Active Directory (AD) users whose passwords never expire

To use PowerShell for password never expires users identification, the Get-ADUser cmdlet has to be used. There is no exclusive cmdlet to get AD users' password never expires report. Even with this cmdlet, filters have to be used to locate the desired users.

This article compares the process of getting password never expires users using PowerShell and ADManager Plus, a completely GUI-based AD, Office 365 and Exchange management and reporting tool. It offers predefined reports for every purpose, including fetching all user accounts with password never expires set for them, which makes it the easier option among the two.

Windows PowerShell

Steps to use PowerShell to get AD users with password never expires enabled.

  • Choose which domain you want to generate the report for.
  • Select the LDAP filters that you'll use as parameters for generating the report.
  • Within the Properties parameter, specify additional user object properties that should appear in the report.
  • Establish the format in which you want to export the report.
  • Double-check that you've adhered to the appropriate syntax when writing the script.
  • Use Windows PowerShell to compile and execute the script.
  • To generate the report in a different format, or to add additional properties to the reports, modify the script accordingly.

A sample PowerShell script to get AD user whose password never expires

 Copied
Get-ADUser -Filter PasswordNeverExpire -eq $true
Click to copy entire script

This script will list all AD domain users for whom password never expires setting is enabled. If you wish to export the report in a specific format, the script has to be modified, by adding the required format and the location to store the exported file.

ADManager Plus

To get all AD users whose password never expires,

  • Select Password never expires in the Password Reports section.
  • Select the Domain and OU and Generate the report.
  • Add additional properties for the users in the reports using the Add or Remove columns option. Use the Export As option to export the report in any of the desired format-CSV, PDF, XLSX, HTML, and CSVDE.

Screenshot

Screenshot of ADManager Plus with users' password never expires report
List Active Directory Users' whose passwords never expire using ADManager Plus

» Start 30-day Free Trial

Right from the report, you can enable/disable/delete user accounts, modify their attributes, reset password, modify group membership, and more, using the report's built-in management options.

In Active Directory (AD), the Get-ADUser cmdlet along with filters helps retrieve users whose passwords never expire. However, using Get-ADUser cmdlets to retrieve the users with password property set to 'password never expires' can prove to be a difficult task because:

  • Minute syntax errors or typographical errors can lead to execution failures.
  • Adding even minor details to the report—such as adding additional attributes —require scripts to be modified and executed again, which is time-consuming.
  • Exporting a report in a specific format requires a script to be modified accordingly, which increases the complexity of the script.
  • Troubleshooting these scripts require extensive AD and scripting expertise.
  • These scripts can only be executed on computers that have Active Directory Domain Services role.

Therefore, a better and easier way to generate AD reports is by using ADManager Plus, an Active Directory management and reporting tool. ADManager Plus is a web-based solution for all your AD, Exchange, Skype for Business, G Suite, and Office 365 management needs. It simplifies several routine tasks such as provisioning users, cleaning up dormant accounts, managing NTFS and share permissions, and more. Besides reporting, you can also build a custom workflow structure that will assist you in ticketing and compliance, automate routine AD tasks such as user provisioning and de-provisioning, and more. Download a free trial today to explore all these features.

Highlights of using ADManager Plus to generate AD reports

ADManager Plus simplifies the process of AD reporting by:

  • Providing script-free reporting.
  • Offering over 150 pre-packaged AD reports that cover the most important information about all AD objects.
  • Allowing you to create your own report using the custom reports feature.
  • Letting you automatically generate reports using the report scheduler. You can also choose to email these reports or store them at a specific location.
  • Enabling on-the-fly management tasks to be performed from within those reports. For instance, perform actions like delete, disable, move, etc, on inactive users generated from the inactive users reports.
  • Embark on your script-free AD management, reporting, and automation journey with ADManager Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thanks
  • Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Powershell How-to Guides:

Email Download Link