# Searches for all users in AD that are enabled but the password never expires. Need to customize OU for each client


$refDate = (Get-Date).AddDays(180)





Get-ADUser -filter {Enabled -eq $True } –Properties "PasswordNeverExpires","passwordlastset", "DisplayName", "DistinguishedName", "msDS-UserPasswordExpiryTimeComputed" `

    | Where-Object { $_.Enabled -eq $true -and $_.DistinguishedName -like '*OU=Employees*' -and $_.DistinguishedName -notlike '*OU=Kerfisnotendur*' } `

    | Select-Object -Property "Displayname","DistinguishedName","PasswordNeverExpires","passwordlastset",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} `

    | Where-Object { $_.PasswordNeverExpires -eq $true -or $_.ExpiryDate -gt $refDate }