Get A List of "Password Never Expires" Users From Active Directory Using AdFind.exe
This tutorial will show you how to get a formatted list of users from Active Directory with the "Password never expires" check-box selected. We will be using the AdFind.exe tool from joeware.net to get the data from Active Directory. We will then use a Linux system to format the list into readable view.
To begin, download AdFind.exe from joeware.net:
Extract the zip file to C:\AdFind, then open a command prompt and change to the location where you extracted it:
Run this command, all in one line:
adfind -bit -default -f "(&(objectCategory=person)(objectClass=user)(userAccountControl:AND:=65536))" > ad.txt
This will give you an ugly list from Active Directory containing all users that have the "Password never expires" box checked and it will export it to a text file named ad.txt. The list contains much more unnecessary information which will clutter the reading of it. If you wish, you may simply search the text file for "displayName:" and each line will show you the name of a user with "Password never expires" checked. If you have many users, that method may not work very well for you. To format it in an easy to read list, you will need a Linux system (if anybody knows how to do this on Windows, please leave a comment).
Run this command on a Linux system, and you will have an eaiser to read list of users:
cat ad.txt | grep "displayName:" > ad_formated.txt
You will now have a new text file with the list of users named ad_formated.txt. It will look like this:
>displayName: Tijs Verwest
>displayName: Manuel Reuter
>displayName: Maynard Keenan