Server 2008 – Find users with expired passwords

Previous versions of Active Directory allowed administrators to check whether a user account had an expired password. This was done by installing a non-standard DLL called acctinfo.dll, which added a tab displaying the required information.

[Screenshot: Server 2003 – Active Directory ‘Additional Account Info’ tab]

Unfortunately, Server 2008 – Active Directory Services does not support acctinfo.dll. However, Microsoft have developed another approach to get this information: using the Active Directory Administrative Center.

The following steps demonstrate how to list user accounts with an expired password.

They assume you have already installed the Remote Server Administration Tools (see: http://www.microsoft.com/download/en/details.aspx?id=7887) and have the required access to your Active Directory environment.

How to find users with expired passwords

  1. Using the Start menu, open the Active Directory Administrative Center
  2. Click on the ‘Global Search’ menu
  3. Using the ‘Add criteria’ button, select ‘Users with disabled/enabled accounts’ and ‘Users with an expired password’
  4. Click ‘Add’
  5. Click on the ‘disabled’ link and select ‘enabled’
  6. Click on the ‘Search’ button
  7. The search results will list all active user accounts which have an expired password.
  8. You can access additional information for each user account by double-clicking on the listed name.
  9. The search results may contain several system/service user accounts (for example, mailbox accounts) – you may choose to disable these accounts or modify the search parameters to filter these out.
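
The same search can be scripted for repeatable audits. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module is installed and can reach a domain controller, and the `$ExcludePatterns` names for service accounts are hypothetical placeholders.

```powershell
# Added example; requires the ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Hypothetical name patterns for system/service accounts (assumption: adjust to
# your own naming convention, e.g. the mailbox accounts mentioned in the last step).
$ExcludePatterns = @('svc_*', 'SystemMailbox*')

$Properties = 'PasswordExpired', 'PasswordLastSet',
              'msDS-UserPasswordExpiryTimeComputed'

# 'Enabled' can be filtered on the server; 'PasswordExpired' is computed per
# account, so it is checked client-side after the query returns.
$Expired = Get-ADUser -Filter 'Enabled -eq $true' -Properties $Properties |
    Where-Object { $_.PasswordExpired } |
    Where-Object {
        $name = $_.SamAccountName
        # Keep the account only if no exclusion pattern matches its logon name.
        -not ($ExcludePatterns | Where-Object { $name -like $_ })
    }

# Report when each password expired, oldest first.
$Expired | Select-Object SamAccountName, Name, PasswordLastSet,
    @{ Name = 'ExpiredOn'; Expression = {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
        # 0 means "must change password at next logon"; the Int64 maximum means
        # the password never expires. Neither is a real timestamp.
        if ($raw -gt 0 -and $raw -lt [Int64]::MaxValue) {
            [DateTime]::FromFileTime($raw)
        }
    } },
    @{ Name = 'MustChangeAtLogon'; Expression = {
        $_.'msDS-UserPasswordExpiryTimeComputed' -eq 0
    } } |
    Sort-Object ExpiredOn
```

Pipe the result to `Export-Csv` to keep a record of each audit run.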