creating AD reports for users with password set to never expire

Is there a way that one can create a report from AD to see which users are
setup with "Password Never Expires" permissions? Thank you.

 

The filter to retrieve all users with "Password Never Expires" set would be
(watch line wrapping):

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))



This can be used to filter in ADUC, or with most command line utilities. Or
you can use ADO in a VBScript program. See this link for details:



http://www.rlmueller.net/ADOSearchTips.htm



Using the terminology in the above link, your filter would be defined by:



strFilter = "(&(objectCategory=person)(objectClass=user)" _

& "(userAccountControl:1.2.840.113556.1.4.803:=65536))"

 

I didn't really understand.

What I did in order to get my results is open ADUC and create a new query >
Define Query > Then checked Non Expiring passwords...works for me.

Thank you.

 

It took me awhile to find what you are talking about. The Saved queries are
only available in W2k3. When you right click the "Saved queries" node and
select "New query", then click "Define Query" you can check "non-expiring
passwords". When you click OK you will see that the query is exactly what I
suggested.

In either W2k or W2k3 ADUC you can click "View", "Filter Options...", select
"Create Custom" and click "Customize", then click the "Advanced" tab and
enter the same LDAP query.

The same query can be used with several command line utilities, such as
ADFind.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--