Search For Locked Users And Expired Users Using Active Directory PowerShell

In my eighth article in the Active Directory PowerShell Module series, I’m going to explain how to use the module to generate reports and run built-in queries to find locked users, users with expired passwords, etc.

If you are going to run these queries / cmdlets from a management machine, make sure you install the module as per the article I have written before called Install Active Directory PowerShell Module On Windows Server 2016.

The first cmdlet shows how to search Active Directory for disabled accounts:

Search-ADAccount -AccountDisabled | ft

To find accounts with an expired password, type:

Search-ADAccount -PasswordExpired | ft

To find users with the Password Never Expires setting, type:

Search-ADAccount -PasswordNeverExpires | ft

To find users that have not logged on to the network for the last 90 days, type:

Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | ft

To find locked accounts, type:

Search-ADAccount -LockedOut

You can also search for computers only by using the -ComputersOnly switch:

Search-ADAccount -AccountDisabled -ComputersOnly | ft
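
As an added example (not from the original article), the script below merges the queries shown above into a single per-user CSV report, so an account that matches several conditions appears once with all of its findings. The output path, the $inactiveDays variable and the finding labels are assumptions chosen for illustration; -UsersOnly is used so computer accounts stay out of the report.

```powershell
# Added example: merge several Search-ADAccount queries into one per-user report.
# Requires the ActiveDirectory module. Output path and threshold are assumptions.
Import-Module ActiveDirectory

$inactiveDays = 90                          # same threshold as the inactive query above
$reportPath   = '.\ad-account-report.csv'   # hypothetical output file

# Finding label -> Search-ADAccount parameters (splatted below)
$queries = [ordered]@{
    Disabled             = @{ AccountDisabled = $true }
    PasswordExpired      = @{ PasswordExpired = $true }
    PasswordNeverExpires = @{ PasswordNeverExpires = $true }
    Inactive             = @{ AccountInactive = $true; TimeSpan = (New-TimeSpan -Days $inactiveDays) }
    LockedOut            = @{ LockedOut = $true }
}

$byAccount = @{}
foreach ($finding in $queries.Keys) {
    $params = $queries[$finding]
    # -UsersOnly restricts results to user accounts
    foreach ($acct in (Search-ADAccount @params -UsersOnly)) {
        $key = $acct.SID.Value              # SID is stable even if the account is renamed
        if (-not $byAccount.ContainsKey($key)) {
            $byAccount[$key] = [pscustomobject]@{
                SamAccountName    = $acct.SamAccountName
                Enabled           = $acct.Enabled
                LastLogonDate     = $acct.LastLogonDate
                DistinguishedName = $acct.DistinguishedName
                Findings          = [System.Collections.Generic.List[string]]::new()
            }
        }
        $byAccount[$key].Findings.Add($finding)
    }
}

# One row per user, with every matching finding joined into a single column
$byAccount.Values |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, Enabled, LastLogonDate, DistinguishedName,
        @{ Name = 'Findings'; Expression = { $_.Findings -join ';' } } |
    Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which by default can lag the real last logon by up to about 14 days, so accounts just past the threshold should be verified before they are disabled or removed.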