In my eighth article in the Active Directory PowerShell Module series, I’m going to explain how to use the module to generate reports and run built-in queries to find locked users, users with expired passwords, etc.
If you are going to run these queries / cmdlets from a management machine, make sure you install the module as per the article I have written before called Install Active Directory PowerShell Module On Windows Server 2016.
The first cmdlet will show you how to search Active Directory for disabled accounts:
Search-ADAccount -AccountDisabled | ft
To find accounts with an expired password, type:
Search-ADAccount -PasswordExpired | ft
To find users with the Password Never Expires setting, type:
Search-ADAccount -PasswordNeverExpires | ft
To find users that have not logged on to the network for the last 90 days, type:
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | ft
To find locked accounts, type:
You can also search for computers only by using the -ComputersOnly switch:
Search-ADAccount -AccountDisabled -ComputersOnly | ft
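The queries above can be combined into a single account-hygiene report. The following is an added example, not code from the original article. It also uses the -LockedOut and -UsersOnly switches of Search-ADAccount, and it assumes a domain-joined machine with the ActiveDirectory module installed; the output path and variable names are illustrative.

```powershell
# Added example: consolidated Search-ADAccount report (not from the original article).
Import-Module ActiveDirectory

# Assumptions: the report path and the 90-day threshold are illustrative values.
$ReportPath   = Join-Path $env:TEMP 'ad-account-report.csv'
$InactiveDays = 90

# Each finding label maps to the Search-ADAccount parameters that produce it.
$Queries = [ordered]@{
    'Disabled'             = @{ AccountDisabled = $true }
    'PasswordExpired'      = @{ PasswordExpired = $true }
    'PasswordNeverExpires' = @{ PasswordNeverExpires = $true }
    'Inactive'             = @{ AccountInactive = $true
                                TimeSpan        = New-TimeSpan -Days $InactiveDays }
    'LockedOut'            = @{ LockedOut = $true }
}

$Report = foreach ($Finding in $Queries.Keys) {
    $Params = $Queries[$Finding]
    # -UsersOnly keeps computer accounts out of the user report.
    Search-ADAccount @Params -UsersOnly | ForEach-Object {
        [pscustomobject]@{
            Finding           = $Finding
            SamAccountName    = $_.SamAccountName
            Enabled           = $_.Enabled
            LastLogonDate     = $_.LastLogonDate
            DistinguishedName = $_.DistinguishedName
        }
    }
}

# Full detail goes to CSV for review or ticketing.
$Report | Sort-Object Finding, SamAccountName |
    Export-Csv -Path $ReportPath -NoTypeInformation

# Count of accounts per finding.
$Report | Group-Object Finding | Select-Object Name, Count | Format-Table -AutoSize

# Accounts that are still enabled but inactive or exempt from password expiry
# are usually the first ones worth reviewing.
$Report |
    Where-Object { $_.Enabled -and $_.Finding -in 'Inactive', 'PasswordNeverExpires' } |
    Sort-Object SamAccountName, Finding |
    Format-Table Finding, SamAccountName, LastLogonDate -AutoSize
```

An account can appear under more than one finding, so the CSV may contain several rows for the same SamAccountName.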