How to Get a List of Users With Password Never Expires and Disable the Option for All Users

Printer-friendly versionPDF version
How to Get a List of Users With Password Never Expires and Disable the Option for All Users

Your organization may be facing a common compliance problem, having many of your users with the "Password Never Expires" option set in Active Directory. For any number of reasons, you may need to get a list of users with this option set. You may also need to disable this option for all users. Below are examples on how to list all users with this option enabled, and how to disable this option for all users:

The one-liner commands below can be ran from the command prompt as administrator.

To list all Active Directory users with the "Password Never Expires" option set:

dsquery *  -filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0

 

To turn off "Password Never Expires" for all Active Directory users:

dsquery *  -filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0 | dsmod user -pwdneverexpires no

 

**These commands may span multiple lines on your screen, but they are actually one line, and are designed to be ran as one command

Post new comment