Active Directory Password Expired Audit

Find Active Directory Users with Expired Passwords

Active Directory is used in almost all organizations to organize and manage both devices and users. Lansweeper can scan users directly from active directory along with a wide range of active directory attributes like whether the account's password has expired and at what time.

Along with basic information about the user like their name and domain, this audit also lists the AD status and the time and date when the password expiration occurred. This lets you easily find users which password expired without the need of Powershell scripts or CMD commands. From the report, you can also navigate straight to the user's page to get all the detailed about the user including the devices that have been logged into.

AD user password expired

Active Directory Password Expired Query

Select Top 1000000 Case
    When tblADusers.Displayname Is Null Or
      tblADusers.Displayname = '' Then tblADusers.Userdomain + '\' +
      tblADusers.Username
    Else tblADusers.Displayname
  End As Displayname,
  tblADusers.Department,
  tblADusers.Title,
  tblADusers.Username,
  tblADusers.Userdomain,
  tblADusers.IsEnabled As EnabledInAD,
  'usersm.png' As Icon,
  tblADusers.PasswordExpirationDate
From tblADusers
Where tblADusers.PasswordExpirationDate < GetDate()
Order By tblADusers.PasswordExpirationDate,
  Displayname

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting