# Searches for all users in AD that are enabled but the password never expires. Need to customize OU for each client
$refDate = (Get-Date).AddDays(180)
Get-ADUser -filter {Enabled -eq $True } –Properties "PasswordNeverExpires","passwordlastset", "DisplayName", "DistinguishedName", "msDS-UserPasswordExpiryTimeComputed" `
| Where-Object { $_.Enabled -eq $true -and $_.DistinguishedName -like '*OU=Employees*' -and $_.DistinguishedName -notlike '*OU=Kerfisnotendur*' } `
| Select-Object -Property "Displayname","DistinguishedName","PasswordNeverExpires","passwordlastset",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} `
| Where-Object { $_.PasswordNeverExpires -eq $true -or $_.ExpiryDate -gt $refDate }