A few years ago I had a need to find all accounts in Active Directory that had the “Password Never Expires” option set. I wrote an HTA with VBScript to make it easy to find these accounts for anyone with little AD experience. I posted the script in the Microsoft Scripting Guys’ community script repository HERE, but I have received several reports recently from community members about errors. I have had the same reports with my Active Directory Last Logon Utility posted on their site, and it turns out that something gets lost in translation when copying code to the site. For whatever reason some of the formatting gets changed, so years later I have decided to post it here by request.
The script is written to search two AD LDAP paths, so make sure to change the paths at the top of the script. The script will return any user account objects that have “Password Never Expires” set on their account within those defined paths. It also searches all OUs under those paths. Once the accounts are returned you have a few choices. You can remove the option from those accounts, you can delete the accounts if no longer required, or you can simply export them to an Excel spreadsheet. After you have performed actions on those accounts, the script will display the accounts it made changes to and allow you to export those to a spreadsheet as well.
If you have any questions about this utility feel free to leave a comment. Also if you find this utility helpful, let me know in the comments. I always love hearing that I was able to help someone else.
Below is a link to the slide deck for my presentation on “Manage Your Shop with Policy Based Management Server and Central Management Server”.
If you have any questions please comment or send an email to “ryan at ryanjadams dot com”.
If you have seen my presentation please take the time to give me some feedback on
Paul Randall of SQLSkills fame has posted the contest of a lifetime. It’s a free seat in their Master Immersion Event on SQL Internals and Performance. This post is my entry into the contest.
I have worked for the same company for almost 13 years. During those 13 years the company has sent me to training exactly two times. Pretty impressive, huh? Now think about this. When I started I was a desktop guy on a Novell network. Since then I have been a server engineer, NT4 domain administrator, Active Directory Administrator, Microsoft Operations Manager, Forefront Identity Manager, automation and scripting, and now a DBA. That is just the short list, but what I want to point out is that all those skills were learned by me on my own and without training. Guess what though? The company has had no problem utilizing (exploiting) my skill set without compensation. If your wondering what that’s like, imagine trololo in your head for 13 years.
I have a passion for SQL server and you can read about that here in my How I Became a DBA post. I have an even bigger passion for the SQL community, and that’s why I want this free seat in Paul and Kimberly’s class. I know what it’s like to have a passion for technology and no access to the training, so you better believe I will share everything I learn with the community. I will be presenting two sessions at SQLSaturday 57 in Houston this weekend alone, but I bet they would have been much more in depth after some SQLSkills training. The reason I started blogging and speaking was because of the infectious Brent Ozar of SQLSkills. I owe him a debt of gratitude and if I win (and Brent makes it), his drinks are on me. If he doesn’t then I’ll buy Paul’s in hopes he will pay it forward, or share it with his sheep. These guys have been an inspiration to everyone in the SQL Community, and it would be an honor to attend this class.