{"id":2217,"date":"2017-06-21T21:36:44","date_gmt":"2017-06-21T21:36:44","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=2217"},"modified":"2023-05-12T13:35:15","modified_gmt":"2023-05-12T18:35:15","slug":"find-expired-accounts-in-active-directory-using-powershell","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=2217","title":{"rendered":"Find Expired Accounts in Active Directory using Powershell"},"content":{"rendered":"<p>We all know, people join organizations and leave organizations at regular intervals. And we as System Administrators have to create and manage their user accounts in Active Directory.<\/p>\n<p>As a best practice, we all set an expiration date to the user account that is created. But do we delete those accounts if they are no longer in use? Its hard to tell based on the company\u2019s policies and procedures. Therefore, today we will see how to find the expired accounts in the domain and you can do the same in your organization.<\/p>\n<p>We will be using <strong>Search-ADAccount<\/strong> cmdlet to perform this activity. You can do Get-Help<strong> Search-ADAccount<\/strong> to get more information and use cases of the cmdlet.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-587 no-display appear\" src=\"http:\/\/www.enterprisedaddy.com\/wp-content\/uploads\/2015\/02\/Untitled114.png\" alt=\"Find Expired Accounts in Active Directory using Powershell\" width=\"983\" height=\"487\" \/><\/p>\n<p>Now type the below on your screen.<\/p>\n<p><span style=\"color: #008000;\">#ImportAD<\/span><br \/>\n<span style=\"color: #0000ff;\">Import-Module ActiveDirectory<\/span><\/p>\n<p><span style=\"color: #008000;\">#Search for AD expired pswd accts<\/span><br \/>\n<span style=\"color: #0000ff;\">Search-ADAccount -AccountExpired | select Name, samAccountName, ObjectClass, AccountExpirationDate, lastLogonDate | Export-Csv c:\\ExpiredAccounts.csv<\/span><\/p>\n<p>Let us see what we did here.<\/p>\n<p>First we used the <strong>Search-ADAccount<\/strong> cmdlet with one of its parameters AccountExpired which will search for all the expired accounts in the domain.<\/p>\n<p>Next we are selecting Name, <strong>samAccountName<\/strong> and the <strong>ObjectClass<\/strong> of the account, the Account Expiration Date and the Last Logon time. The ObjectClass can be a user or a computer.<\/p>\n<p>After which we are exporting the result to a csv file with the help of the <strong>Export-Csv<\/strong> cmdlet.<\/p>\n<p>If you want to select only the User Accounts then we can select the parameter <strong>UsersOnly<\/strong> along with the <strong>Search-ADAccount<\/strong> cmdlet to find the same.<\/p>\n<p>Similarly we can use <strong>ComputersOnly<\/strong> parameter to see for computer accounts.<\/p>\n<p>If you are using User Accounts only then you can find out what are the properties available to export with the help of <strong>Get-Member<\/strong> cmdlet. See below for example.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-588 no-display appear\" src=\"http:\/\/www.enterprisedaddy.com\/wp-content\/uploads\/2015\/02\/Untitled28.png\" alt=\"Find Expired Accounts in Active Directory using Powershell\" width=\"985\" height=\"330\" \/><\/p>\n<p>I hope this was informative and thank you for reading!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We all know, people join organizations and leave organizations at regular intervals. And we as System Administrators have to create and manage their user accounts in Active Directory. As a best practice, we all set an expiration date to the user account that is created. But do we delete those accounts if they are no [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,59],"tags":[],"class_list":["post-2217","post","type-post","status-publish","format-standard","hentry","category-ad","category-powershell"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2217","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2217"}],"version-history":[{"count":5,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2217\/revisions"}],"predecessor-version":[{"id":3363,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2217\/revisions\/3363"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}