In domain controller environment we all have some password policies set. In some organizations the users password is expired in 60 days in some 90 or in 180 Days.
User’s password must expired in the defined period, changing password often is a good security policy.
But when we create a user account some time by mistakes we select “Password Never Expires”.
if the “Password never expires” checked users password never expired.
which is not good for user’s account security.
My todays task is to find all users , who have “Password Never Expire” checked. To archive this task we are going to use “Active Directory” module and “Get-Aduser” cmdlet with Filters
Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -Server localDC | select name
After Get-ADuser cmdlet we are using –Filter to show all those account whose “Password Never Expires value is equal to True” which means enabled,and in –server parameter i am defining my domain controller, and we are piping the output to “Select-Object” cmdlet and selecting to show “Name” property of the output to show.
and the output is below
Now I can show that list to my manager so that we can fix them later ..
Thanks for reading.