Passwords that never expire

This week’s tip is by Roan Daley, a Premier Field Engineer at Microsoft.

Finding Active Directory objects that have Password Never Expires

As an Active Directory PFE, one of the issues I typically address with administrators is to identify objects (computers or users) that have Password Never Expires. From security perspective, this is considered a risk. For most environments, the easiest way to do this is to use the DS query command:

For Users:

dsquery * domainroot -filter “(&(objectClass=user)(UserAccountControl:1.2.840.113556.1.4.803:=65536))” -attr sAMAccountName userPrincipalName userAccountControl -d

For Computers:

dsquery * domainroot -filter “(&(objectClass=computer)(UserAccountControl:1.2.840.113556.1.4.803:=65536))” -attr cn userAccountControl -d

For Window 2008 R2 and above this is even easier with the advent of the Active Directory PowerShell Modules:

For Users:

Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A

For Computers:

Search-ADAccount –PasswordNeverExpires – ComputersOnly | FT Name,ObjectClass –A

Hope these tips help with keeping you AD Clean!

About Roan Daley

Roan Daley is an Active Directory Premier Field Engineer (PFE) working at Microsoft.

The above tip was previously published in an issue of WServerNews, a weekly newsletter from TechGenix that focuses on the administration, management and security of the Windows Server platform in particular and cloud solutions in general. Subscribe to WServerNews today by going to and join almost 100,000 other IT professionals around the world who read our newsletter!

Mitch Tulloch is a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award and a widely recognized expert on Windows Server and cloud computing technologies.  Mitch is also Senior Editor of WServerNews. For more information about him see


About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top