Password Not Expire
Searching All
get-aduser -filter * -properties Name, PasswordNeverExpires | where {$_.passwordNeverExpires -eq "true" } | Select-Object DistinguishedName,Name,Enabled
Only enabled users
get-aduser -filter {Enabled -eq "true"} -properties Name, PasswordNeverExpires | where {$_.passwordNeverExpires -eq "true" } | Select-Object Name,samaccountname,DistinguishedName
Enable only, plus excluding HealthMailbox because it craps up the results
get-aduser -filter {Enabled -eq "true" -and Name -notLike "HealthMailbox*"} -properties Name, PasswordNeverExpires | where {$_.passwordNeverExpires -eq "true" } | Select-Object Name,samaccountname,DistinguishedName
Expiry
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -SearchBase 'OU=ServiceAccounts,OU=Datacenter,DC=coolDomain,DC=COM' –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | `
Select-Object -Property "SamAccountName","UserPrincipalName","Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | `
Sort-Object ExpiryDate
@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Sort-Object ExpiryDate
Extend password expiration
Run the following command to reset the pwdlastset attribute to 0.
Set-ADUser -Identity username -Replace @{pwdlastset="0"}
Next run the command to reset the pwdlastset attribute to -1.
Set-ADUser -Identity username -Replace @{pwdlastset="-1"}
IMPORTANT: You need to run both commands do not just set to -1 or it will not work correctly.