# Get Password Info [DSQUERY // ADComputer ](onenote:Generic%20Tech%5CPowerShell.one#DSQUERY%20%20%20%5C%20ADComputer§ion-id=%7BB682FB83-FDF2-40AC-A1D9-6FD27EC8D753%7D&page-id=%7BFF79087F-3B48-4F42-A492-37D54961612D%7D&end&base-path=X:%5CTier1%5COneNote%5CTech%20Information%5CTech%20Information) Get listing of all accounts with info: Get-ADUser -filter \* -properties passwordlastset, passwordneverexpires | ft Name, Passwordlastset, passwordneverexpires Get listing of user accounts that have their passwords set to never expire Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties passwordlastset, passwordneverexpires | ft Name, Passwordlastset, passwordneverexpires, enabled Get Last AD profile change such as update password Get-ADUser -filter \* -properties whenChanged, passwordlastset, passwordneverexpires | ft Name, whenChanged, passwordneverexpires Get last logon Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties name, passwordlastset, passwordneverexpires | Get-ADObject -Properties lastLogon | FT Name, @{N='LastLogon'; E={\[DateTime\]::FromFileTime($\_.LastLogon)}} Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties passwordlastset, passwordneverexpires | ft Name, Passwordlastset, passwordneverexpires CSV of user accounts set to never expire Get-ADUser -filter 'passwordneverexpires -Eq "True"' -properties passwordlastset, passwordneverexpires | Select-Object Name, Passwordlastset, passwordneverexpires, enabled | export-csv -path c:\\Accent\\UserPassNeverExpire.csv -NoTypeInformation Inactive & disabled users Dsquery user -inactive 5 -disabled Remove password never expires to inactive accounts Dsquery user -inactive 50 | dsmod user -pwdneverexpires no Set all disabled user accounts removing the password never expires dsquery user -disabled | dsmod user -pwdneverexpires no Get listing of disabled users and last update to their account (presumably when disabled) Get-ADUser -filter 'Enabled -Eq "False"' -properties passwordlastset, passwordneverexpires, WhenChanged | ft Name, enabled, WhenChanged Table Fields: DistinguishedName Enabled GivenName Name ObjectClass ObjectGUID PasswordLastSet PasswordNeverExpires SamAccountName SID Surname UserPrincipalName get-localuser | Disable-LocalUser [Onboarding Commands](onenote://X/Tier1/OneNote/Marketing/Marketing/Onboarding/Template.one#Onboarding%20Commands§ion-id=%7BB18BB445-BD4B-4546-81E2-73EB8C1810C3%7D&page-id=%7B1BC844B1-85F1-4DE8-8814-E722FEA4EB96%7D&end) To get a list of all users in a domain and exported to CSV file get-aduser -filter \* -Properties \*| Select-Object Name, enabled, SamAccountName, UserPrincipalName | export-csv -path c:\\Accent\\test10.csv -NoTypeInformation