First off I am a newbie at powershell but I am very resourceful and was able to compile the command below to get what I want for the most part it runs great Give me the output i want… Except certain users as myself are not listed because some of our accounts password are set to never expire. As you can see in the command below the useraccountcontrol is set to 512 which is an enabled account if I recall. I also tried 66048 which is 512+65536 where 65536 is = to accounts set to not expire. but then it only displays us with those attributes.
Is there a way in one command like below where it can search for all users with the 512 and the 65536 useraccount control all in one command? Any other recommendations? Thank you
get-aduser -ldapfilter “(&(&(objectCategory=person)(objectclass=user)(mail=)(givenname=)(sn=*)(useraccountcontrol=512)))” -Properties givenName, sn,distinguishedname,samaccountname,mail, enabled,employeeid | Select givenName, sn,distinguishedname,samaccountname,mail,division,employeeid | sort-object -property givenname | Export-Csv -Path c:\output1\ldapfilter00000000.csv -NoTypeInformation