A colleague was trying to generate a report of Active Directory Users, displaying their Organizational Unit and PasswordNeverExpires property status. Normally this should be very simple, but they ran into a small snag.

The Active Directory module at the time of this writing which is PowerShell 4.0 does not have a direct Organizational Unit property unlike Exchange Management Shell. So I came up with a one line script to extract the Organizational Unit from a known property and display the report as needed:

PS C:\> Get-ADUser -Filter "ObjectClass -eq 'user' -and Enabled -eq 'true'" -Properties PasswordNeverExpires | Select-Object Name, @{Name='OU';Expression={($_.DistinguishedName.Split(',', 2))[1]}}, PasswordNeverExpires | Sort-Object -Property PasswordNeverExpires

First, the Get-ADUser cmdlet retrieves all users, filtering by the objectclass equals user property and enabled status set to true. We would like to display the PasswordNeverExpires property. Since the current Active Directory module does not have an Organizational Unit property, I decided to use the Split() method of the DistinguishedName property to extract the Organizational Unit substring of the same object . The split method takes a string and splits it into one or more elements or substrings, determined by the split delimiter or separator and number of elements or fields or substrings.The result is sorted by the PasswordNeverExpires property.

A section of the displayed result is shown below. The result could also be piped to a CSV file using the Export-CSV cmdlet. I hope this helps.