Finding All Active Directory users with  passwords set to never expire 

Passwords set to never expire can be a security issues for your network. As per Active directory password policy it should be changed on regulars basis. However, if you didn’t intentionally set passwords to never expire, you may want check your Active Directory for User property which has been set with password never expire. This Report can be generated manually or you may configure a schedule task for the PowerShell script and it will execute it accordingly and send it on configured email address in PowerShell.

Powershell Script

#>

$then= (get-date).AddDays(-100)
$month = (Get-Date).AddDays(-100)
$today = (Get-Date).ToString()

# Html
$a = “<style>”
$a = $a + “BODY{background-color:Lavender ;}”
$a = $a + “TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}”
$a = $a + “TH{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:thistle}”
$a = $a + “TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:PaleGoldenrod}”
$a = $a + “</style>”

# Email Variables
$To = “amitceh@hotmail.com”
$from =”amitceh@gmail.com”
$smtpserver = ‘smtp.gmail.com’
$smtpUsername = ‘amitceh@gmail.com’
$smtpUsername = “amitceh@gmail.com”
$smtpPassword = ‘tdngaacahsdyeudm’
$credentials = new-object Management.Automation.PSCredential $smtpUsername, ($smtpPassword | ConvertTo-SecureString -AsPlainText -Force)
$subject = “Password Never expired Objects in infoalias.local ($today).”

# Import Module of Active Directory
Import-Module -Name ActiveDirectory

# User reports
$Users = Get-ADUser -Filter {(enabled -eq $true -and PasswordNeverExpires -eq $True )} -Properties LastLogonTimeStamp, whencreated, whenchanged,passwordlastset, PasswordNeverExpires, fax, mail | ? { (($_.distinguishedname -notlike’*Disabled*’)  -and ($_.distinguishedname -notlike’*Domain Admins*’))} | `
Select-Object -Property Name, SamAccountName, Enabled, DistinguishedName, whenCreated,whenchanged,passwordlastset,PasswordNeverExpires,fax,mail,@{Name=”LastLogonTimeStamp”;Expression={[datetime]::FromFileTime($_.LastLogonTimeStamp)}} `
| ConvertTo-html -Head $a -Body “<H2>Password Never expired Objects in infoalias.local ..</H2>”

$body = “Password Never expired Objects in infoalias.local from $month to $today .”
$body += “`n”
$body += $Users
$body += “`n”

Send-MailMessage -SmtpServer $smtpserver -Port 587 -UseSsl -Credential $credentials -To $to -From $from -Subject $subject -Body $body -BodyAsHtml