Find users with Password Never Expires enabled using PowerShell

Scenario:

Some companies have a policy that users must change their password at a specified interval. If there are multiple locations, each with local IT administrators, and a few thousand users, it is almost impossible to check manually whether any users in Active Directory have Password Never Expires enabled. I came up with the script below so that I am notified within 5 minutes if any user has been set with a password that never expires. The script runs on a schedule, every 5 minutes, and if it finds any user whose password is set to never expire, an email report is sent to the responsible persons for further investigation. If no users are set to password never expire, no email is sent.

You can download the script here or copy it from below.

Solution / Script:

Import-Module ActiveDirectory

# Encrypted mailbox password and the AES key used to decrypt it.
# The key is stored in clear text in this script, so anyone who can read
# both the script and Password.txt can recover the password.
$File = "C:\Scripts\Password.txt"
$Key = (1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32)
$EmailUser = "[email protected]"
$Password = Get-Content $File | ConvertTo-SecureString -Key $Key
$EmailCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $EmailUser,$Password

$To = '[email protected]', '[email protected]'
$From = '[email protected]'

# Accumulates one HTML table row per flagged user; stays empty if none are found.
$EmailResult = ""

# Collect every "Employees" OU below the Offices OU.
$OUs = ((Get-ADOrganizationalUnit -Filter * -SearchBase "OU=Offices,DC=domain,DC=com").DistinguishedName) | Where-Object {$_ -like "OU=Employees*"}

foreach ($OU in $OUs) {
    # Only the properties used in the report are requested.
    $Users = Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -SearchBase $OU -Properties Company, Country
    foreach ($User in $Users) {
        $UserSamAccountName = $User.SamAccountName
        $UserCompany = $User.Company
        $UserCountry = $User.Country
        $EmailTemp = @"
<tr>
<td class="colorm">$UserSamAccountName</td>
<td>$UserCompany</td>
<td>$UserCountry</td>
</tr>
"@
        $EmailResult = $EmailResult + "`r`n" + $EmailTemp
    }
}

# Top of the HTML report: styles, headings and the table header row.
$EmailUp = @"
<style>
body { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; color:#434242;}
TABLE { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TR {border-width: 1px;padding: 10px;border-style: solid;border-color: white; }
TD {font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;padding: 10px;border-style: solid;border-color: white; background-color:#C3DDDB;}
.colorm {background-color:#58A09E; color:white;}
.colort{background-color:#58A09E; padding:20px; color:white; font-weight:bold;}
.colorn{background-color:transparent;}
</style>
<body>
<h3>Script has been completed successfully</h3>
<h4>Below users have been set with password never to expire:</h4>
<table>
<tr>
<td class="colort">User</td>
<td class="colort">Company</td>
<td class="colort">Country</td>
</tr>
"@

# Bottom of the HTML report.
$EmailDown = @"
</table>
</body>
"@

$Email = $EmailUp + $EmailResult + $EmailDown

# Send the report only when at least one user was found.
if ($EmailResult -ne "") {
    Send-MailMessage `
        -To $To `
        -Subject "Users with PasswordNeverExpires Enabled Report $(Get-Date -format dd/MM/yyyy)" `
        -Body $Email `
        -BodyAsHtml `
        -Priority high `
        -UseSsl `
        -Port 587 `
        -SmtpServer 'smtp.office365.com' `
        -From $From `
        -Credential $EmailCredentials
}
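
The script decrypts C:\Scripts\Password.txt with a key written into the script itself, and the page does not show how that file is created. The following is an added example, not part of the original script: it creates the file with a random key kept in a separate, ACL-restricted file. The key file path, the task account name and the English built-in group names are assumptions.

```powershell
# Added example, not the author's code. Run once, elevated, on the host that runs the report.
$KeyFile  = 'C:\Scripts\Password.key'     # assumed path for the AES key file
$File     = 'C:\Scripts\Password.txt'     # same path the report script reads
$TaskUser = 'DOMAIN\svc-pwdreport'        # hypothetical account that runs the scheduled task

# 1. Generate a random 256-bit key instead of the predictable 1..32 sequence.
$Key = New-Object byte[] 32
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$Rng.GetBytes($Key)
$Rng.Dispose()
[System.IO.File]::WriteAllBytes($KeyFile, $Key)

# 2. Encrypt the mailbox password with that key. It is prompted for, never written in clear text.
Read-Host -Prompt 'Mailbox password' -AsSecureString |
    ConvertFrom-SecureString -Key $Key |
    Set-Content -Path $File

# 3. Drop inherited permissions so only Administrators, SYSTEM and the task account can read the files.
foreach ($Path in $KeyFile, $File) {
    $Acl = Get-Acl -Path $Path
    $Acl.SetAccessRuleProtection($true, $false)   # protect the ACL and discard inherited entries
    foreach ($Identity in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', $TaskUser) {
        $Right = if ($Identity -eq $TaskUser) { 'Read' } else { 'FullControl' }
        $Rule  = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $Right, 'Allow')
        $Acl.AddAccessRule($Rule)
    }
    Set-Acl -Path $Path -AclObject $Acl
}

# 4. In the report script, load the key from the file instead of embedding it.
$Key      = [System.IO.File]::ReadAllBytes($KeyFile)
$Password = Get-Content -Path $File | ConvertTo-SecureString -Key $Key
```

Omitting -Key on both ConvertFrom-SecureString and ConvertTo-SecureString uses DPAPI instead, which ties the file to one user on one machine; in that case Password.txt has to be created while logged on as the task account.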