0

I'm using the following one-liner to get a list of users who aren't disabled, and whose accounts expire, with some properties:

Get-ADUser -Filter {(Enabled -eq $true) -and (accountExpires -ne 0)} -Properties name, mail, c, physicalDeliveryOfficeName, telephoneNumber, manager, title, description | select-object name, mail, c, physicalDeliveryOfficeName, telephoneNumber, manager, title, description

It works, except it grabs everyone in my domain, not just the ones whose accounts expire as indicated. Why is it ignoring the accountExpires portion of the script?

Improve this question

1 Answer 1

Reset to default
2

The reason for wrong result is your wrong assumption, that every not-expiring account has value 0 in accountExpires attribute. In my tests that applied only to Administrator. Every other account had [int64]::MaxValue there - so you need to include this in your filter:

$Max = [int64]::MaxValue
Get-ADUser -Filter {
    (Enabled -eq $true) -and 
    (accountExpires -ne 0) -and 
    (accountExpires -ne $Max)
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks, except this grabs all of the accounts that do expire; the opposite of what I want. Is there a way to reverse this?
Reversing it should be easy by reversing logic of the filter ...) -and ((acountExpires -eq 0) -or (accountExpires -eq $Max))

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.