i´m trying to create a script to send mail and monitor users with password never expired enabled. The idea here is to make sure that´s NO USERS will have the pass never expire option enbaled, making sure that all users are forced to change theis passwords from time to time, as GPO policy dictates.
but...
i got an disabled user to make some testing and, surpreise, some users are shown as "NULL" and others as "False" and others as "True"
WHy is that?
Get-ADUser -Filter 'SAMAccountName -eq "USER1"' -Properties SAMAccountName,PasswordNeverExpires | select-object SAMAccountName,PasswordNeverExpires | ft -A
SAMAccountName PasswordNeverExpires
-------------- --------------------
USER1 -->> NULL, nothing, blank, empty space!
PS C:\DADOS\SCRIPTS> Get-ADUser -Filter 'SAMAccountName -eq "USER2"' -Properties SAMAccountName,PasswordNeverExpires | select-object SAMAccountName,PasswordNeverExpires | ft -A
SAMAccountName PasswordNeverExpires
-------------- --------------------
USER2 False
So, i´ve changed the approach and tried something else:
Get-ADObject -LDAPFilter "(objectclass=user)" -Properties samaccountname,accountExpires | ft samaccountname,accountExpires -A | Out-File -FilePath c:\temp\file.txt
i´ve filtered more, to exclude disabled, get only users and so on, but something weird: several non-zero (infinite) numbers have appeared in the listings:
half of the database have a "9223372036854770000" (non-zero)
but
several users (less than 30) have a different number:
129907692000000000
129962088000000000
129981096000000000
130017384000000000
130028616000000000
130058028000000000
130219596000000000
130407948000000000
130706892000000000
130792428000000000
130828716000000000
130961736000000000
I´ts weird, thinking of a true/false information, it´s expected to see only 2 results... frustrating...