Passwords that never expire

by Mitch Tulloch [Published on 4 Oct. 2016 / Last Updated on 4 Oct. 2016]

A tip on how you can find passwords that never expire in Active Directory.

This week's tip is by Roan Daley, a Premier Field Engineer at Microsoft.

Finding Active Directory objects that have Password Never Expires

As an Active Directory PFE, one of the issues I typically address with administrators is to identify objects (computers or users) that have Password Never Expires. From security perspective, this is considered a risk. For most environments, the easiest way to do this is to use the DS query command:

For Users:

dsquery * domainroot -filter "(&(objectClass=user)(UserAccountControl:1.2.840.113556.1.4.803:=65536))" -attr sAMAccountName userPrincipalName userAccountControl -d contoso.com

For Computers:

dsquery * domainroot -filter "(&(objectClass=computer)(UserAccountControl:1.2.840.113556.1.4.803:=65536))" -attr cn userAccountControl -d contoso.com

For Window 2008 R2 and above this is even easier with the advent of the Active Directory PowerShell Modules:

For Users:

Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A

For Computers:

Search-ADAccount –PasswordNeverExpires - ComputersOnly | FT Name,ObjectClass –A

Hope these tips help with keeping you AD Clean!

About Roan Daley

Roan Daley is an Active Directory Premier Field Engineer (PFE) working at Microsoft.

The above tip was previously published in an issue of WServerNews, a weekly newsletter from TechGenix that focuses on the administration, management and security of the Windows Server platform in particular and cloud solutions in general. Subscribe to WServerNews today by going to http://www.wservernews.com/subscribe.htm and join almost 100,000 other IT professionals around the world who read our newsletter!

Mitch Tulloch is a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows Server and cloud computing technologies.  Mitch is also Senior Editor of WServerNews. For more information about him see http://www.mtit.com.

 

See Also


The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links