This guy was written to address accounts that are in
violation of policy. Password set to
never expire is an easy dig on an audit for auditors. I run this every 90 days and investigate
where needed. Once the investigation is
complete and all exceptions are approved any object leftover gets its password set
to (PasswordNeverExpires -eq $False).
Get-ADUser -filter { Enabled -eq $True -and
PasswordNeverExpires -eq $True } –Properties * |Select-Object Name,
SAMAccountName, Title, Enabled, WhenCreated, WhenChanged, PasswordNeverExpires,
Description | Export-Csv 'C:\temp\Pass_Never_Expires.csv' -NoTypeInformation –NoClobber
You can always run this as a scheduled task and email it to yourself. That info can be found here: http://mytechnicalsolution.blogspot.com/search/label/send-MailMessage
No comments:
Post a Comment