by jbiggerstaff at 2012-10-30 15:19:19
I know that I have at least 1 user object in my domain where passwordexpired = True. When I run a query it appears to crank away but then comes back with no results. I have tried:
This returns no results:
Get-ADUser -Filter 'passwordexpired -eq $true'
Interestingly, this returns all users, even those with expired passwords:
Get-ADUser -Filter 'passwordexpired -eq $false'
This returns nothing:
Get-ADUser -Filter * | where-object {$_.passwordexpired -eq $true}
Any idea how I can simply get all users in my domain with expired passwords? Doesn't seem like it should be that difficult.
by mikefrobbins at 2012-10-30 18:41:14
Get-ADUser is one of those cmdlets that's what I call "pre-filtered". It doesn't include the PasswordExpired property by default. You have to add it with the -Properties parameter. I've added a filter so it also only returns enabled users.
Get-ADUser -Filter {enabled -eq $true} -Properties PasswordExpired | Where-Object {$_.PasswordExpired}
by jbiggerstaff at 2012-10-31 09:20:27
That works! Thank you so much.