Get A List of "Password Never Expires" Users From Active Directory Using AdFind.exe

Printer-friendly versionPDF version
adfind.exe

This tutorial will show you how to get a formatted list of users from Active Directory with the "Password never expires" check-box selected. We will be using the AdFind.exe tool from joeware.net to get the data from Active Directory. We will then use a Linux system to format the list into readable view.

To begin, download AdFind.exe from joeware.net:

http://www.joeware.net/freetools/tools/adfind/index.htm

Extract the zip file to C:\AdFind, then open a command prompt and change to the location where you extracted it:

cd C:\AdFind

Run this command, all in one line:

adfind -bit -default -f "(&(objectCategory=person)(objectClass=user)(userAccountControl:AND:=65536))" > ad.txt

This will give you an ugly list from Active Directory containing all users that have the "Password never expires" box checked and it will export it to a text file named ad.txt. The list contains much more unnecessary information which will clutter the reading of it. If you wish, you may simply search the text file for "displayName:" and each line will show you the name of a user with "Password never expires" checked. If you have many users, that method may not work very well for you. To format it in an easy to read list, you will need a Linux system (if anybody knows how to do this on Windows, please leave a comment).

Run this command on a Linux system, and you will have an eaiser to read list of users:

cat ad.txt | grep "displayName:" > ad_formated.txt

You will now have a new text file with the list of users named ad_formated.txt. It will look like this:

>displayName: Tijs Verwest

>displayName: Manuel Reuter

>displayName: Maynard Keenan

....

 

Or you can use ADUC:

  • Right click on Domain and click Find
  • Select Custom Search from the Find drop down menu
  • Click Advanced tab
  • Enter: (|(useraccountcontrol=66048)(useraccountcontrol=66050))
  • Click Find Now

Should show you all enabled/disabled users with password set to expire.

 

formated list on windows:

findstr "displayName:" ad.txt > ad_formated.txt

Post new comment